Re: Routing private networks



Not according to the manpages

In the example below, fxp1 is the outside interface; the machine sits
between a fake internal 144.19.74.* network, and a routable external IP
of 204.92.77.100.  The no nat rule excludes protocol AH from being
translated.

     # NO NAT
     no nat on fxp1 proto ah from 144.19.74.0/24 to any
     nat on fxp1 from 144.19.74.0/24 to any -> 204.92.77.100

:-/ hmmmmmmm

On Thu, 2003-03-20 at 12:23, Jacek Artymiak wrote:
> On Thu, Mar 20, 2003 at 11:02:03AM -0800, Bryan Irvine wrote:
> > I read the rules on "no nat" and thought I had it configured correctly.
> > ...
> > no nat on $WAN from $LAN to $DMZ
> > no nat on $WAN from $DMZ to $LAN
> > nat on $WAN inet from $LAN to any -> ($WAN)
> > nat on $WAN inet from $DMZ to any -> ($WAN)
> 
> since the last matching rule wins, shouldn't this be
> 
> nat on $WAN inet from $LAN to any -> ($WAN)
> nat on $WAN inet from $DMZ to any -> ($WAN)
> no nat on $WAN from $LAN to $DMZ
> no nat on $WAN from $DMZ to $LAN
>  
> ???
> 
> Best regards,
> 
> Jacek Artymiak
>
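
Added example, not part of the original messages or of pf itself: a small Python model of how a nat / no nat rule is chosen for a packet, run over both rule orderings quoted in this thread. It relies on the pf.conf(5) statement that for translation rules the first matching rule decides the action (last-match applies to filter rules), which is why the manpage excerpt lists no nat before nat. The addresses are constructed stand-ins for $LAN, $DMZ and ($WAN), and interface matching is left out.

```python
import ipaddress

# Constructed addresses standing in for the thread's macros (assumptions).
LAN = "192.168.1.0/24"
DMZ = "192.168.2.0/24"
ANY = "0.0.0.0/0"
WAN_ADDR = "198.51.100.1"   # what ($WAN) would resolve to

# (action, source network, destination network), in pf.conf order.
ORIGINAL = [
    ("no nat", LAN, DMZ),
    ("no nat", DMZ, LAN),
    ("nat", LAN, ANY),
    ("nat", DMZ, ANY),
]
# The ordering proposed in the quoted reply: nat rules first, no nat last.
REORDERED = ORIGINAL[2:] + ORIGINAL[:2]


def _matches(rule, src, dst):
    """True if the packet's source and destination fall inside the rule."""
    _, src_net, dst_net = rule
    return (ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net))


def translate(rules, src, dst, first_match=True):
    """Return the packet's source address after translation.

    first_match=True models translation rules (first matching rule decides);
    first_match=False models last-match evaluation, for comparison only.
    """
    matching = [r for r in rules if _matches(r, src, dst)]
    if not matching:
        return src                      # no translation rule applies
    rule = matching[0] if first_match else matching[-1]
    return WAN_ADDR if rule[0] == "nat" else src


if __name__ == "__main__":
    host, dmz_host, outside = "192.168.1.10", "192.168.2.5", "203.0.113.9"
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, "LAN->DMZ:", translate(rules, host, dmz_host))
        print(name, "LAN->out:", translate(rules, host, outside))
```

With first-match evaluation the original ordering leaves LAN-to-DMZ traffic untranslated, while the reordered ruleset translates it because the broader nat rule matches first.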