[Firewall] transparent dnat timeouts

John Eikenberry jae at zhar.net
Wed Mar 11 22:27:13 CET 2009


Arno van Amersfoort wrote:

> IMO this solution looks fine. I don't see any real downside of it, and  
> isn't this what you wanted: having the clients connect to the server  
> as-if they connect from the outside? I'm even thinking about  
> implementing this into the dnat plugin too as the concept is pretty 
> good....

It was exactly what I wanted. I had the slight hesitation caused by a
comment in the thread I referenced about not logging the real IPs. It
didn't really make sense to me at the time given how the packets are
routed, but I thought I'd ask about it anyways in case I was missing
something.

Thanks for affirming the solution as a good one.

-- 

John Eikenberry
[jae at zhar.net - http://zhar.net]
[PGP public key @ http://zhar.net/jae_at_zhar_net.gpg]
______________________________________________________________
"Perfection is attained, not when no more can be added, but when no more 
 can be removed." -- Antoine de Saint-Exupery