[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-users
Subject:    Re: NPF single NIC & NAT
From:       Ryan Brackenbury <ryan.brackenbury () gmail ! com>
Date:       2016-06-27 16:21:45
Message-ID: loom.20160627T181222-485 () post ! gmane ! org
[Download RAW message or body]

Eric Garver <e <at> erig.me> writes:


> 
> I recently rebuilt my home network and do exactly this. Coincidentally I
> just finished writing/posting it yesterday.
> 

Perfect timing :)

> 
> Just a warning: You're allowing _all_ traffic to hit your NetBSD box.
> 

Thanks for the heads up. I do know that the gateway router does some
filtering before passing on the traffic, so I don't think I've been too
vulnerable in the meantime.


>
> It is possible that NPF won't let you redirect out the same interface (
> I don't know). But try the above first. If that fails, then you can try
> using VLANs.
> 

I added the 'stateful' tag to my rules as you suggested, but unfortunately
it seems like that just won't be enough. A real shame too, because iptables
doesn't have these limitations -- but I really hate iptables syntax whereas
npf is so clean and concise.

Failing another solution, looks like I might have to use vlans after all.
Thanks for the tips! 



[prev in list] [next in list] [prev in thread] [next in thread]