Re: ipnat on same interface?

To: netbsd-users%netbsd.org@localhost
Subject: Re: ipnat on same interface?
From: Lars-Johan Liman <liman%autonomica.se@localhost>
Date: Sat, 08 Jan 2011 15:11:26 +0100

Malcolm Herbert:
> not sure whether you're talking ipf or pf here,

ipf + ipnat. Sorry for the confusion.

> but I suspect it's the same answer for both - you can't do NAT in both
> directions on the same interface.

OK. It might be that it turns out to be logically "impossible". Fair
enough.

> There apparently is a method to set up this by bouncing traffic via
> lo0 but I've only seen it mentioned as an aside without details, sorry
> ...

Ack. Someone else mentioned creating a tap0, which sounds more enticing.

> routing Internet traffic via lo0 is an ... interesting ... security
> position as well ... :)

Indeed.

> How much traffic are you talking about through this host?

Very little (at least, that's the intention ... ;-).

> If it's fairly minimal, you may want to look at other
> application-level proxying solutions, such as inetd+netcat or
> inetd+socat

That's an interesing track. Thanks for the hint!

> or a web-based reverse proxy (squid is probably too heavy weight for
> this, but there are other tools that are out there)

(This is non-web UDP service, so I assume squid is not a preferable
tool.)

                                Best regards,
                                  /Lars-Johan Liman

Follow-Ups:
- Re: ipnat on same interface?
  - From: Malcolm Herbert

Prev by Date: Re: Is fdisk necessary to partition a second disk exclusively for data?
Next by Date: Re: ipnat on same interface?
Previous by Thread: Re: ipnat on same interface?
Next by Thread: Re: ipnat on same interface?
Indexes:

Home | Main Index | Thread Index | Old Index