Re: [SLUG] Bridging Firewall

From: Joe O (joeo@cracktown.com)
Date: Thu Jun 19 2003 - 12:59:00 EDT


Eh... for the openbsd needing the interface configured with a particular
IP address, man "arp" and look at the pub option. Additionally you can
use host routes to force the machine to force some particularly screwy
routing arrangements (good luck debugging network problems). My
experience with ipfilter (not so familiar with "pf") also indicated there
is a great deal of flexibility with regards to which interface has any
particular set of nat rules applied to packets passing through it.

Of course this doesn't help with making iptables do what is being asked of
it.

On Thu, 19 Jun 2003, Andrew M Hoerter wrote:

>
> There's no reason that shouldn't work. I for one would be curious to know
> how it works out. The platform I'm most familiar with for
> firewalling purposes, OpenBSD, can't do transparent bridging with NAT.
> Among other problems, it won't respond to ARP queries for the NAT address
> unless the second interface is configured with that address. The packets
> get translated but no replies ever make it back. I don't know if they're
> ever planning on fixing this issue, since it's well-rooted in how the BSD
> IP stack and firewall software works.
>
> But Linux's networking code is totally different, so perhaps you won't
> have that problem.
>



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 17:03:10 EDT