Re: IPFILTER: selective NATing
On Tuesday, 2 January 2001 19:51, Attila Nagy wrote:
> Hello,
>
> > > is it possible with ipfilter that packets for specified subnets are not
> > > NATed? Setup:
> > >                       ---- OBSD NAT -> Workstations (192.168.214.0/24)
> > > Internet -- routers /
> > >                     \
> > >                       ---- Firewall -> Server Farm (public IP space)
> > > The last Core router before the Internet Connections knows the route to
> > > 192.168.214.0/24, so I don't want accesses from 192.168.214.0/24 to our
> > > server farm (several /24's) to be NATed (accounting purposes).
> > > Any possibility aside from using additional wires?
>
> /etc/ipnat.rules:
> map if0 from workstations_ip/24 ! to server_farm_ip/24 -> natbox_ip/32
>
> I think this is what you want...
If it just would work, yes...
map rl0 from 192.168.214.0/24 ! to 213.128.133.0/24 -> 213.61.139.134/32
portmap tcpudp 1025:65000
(all in one line of course)
gives syntax error: missing field (netmask) :-(((
btw, we have multiple /24's for the server farm - there is no solution, is
there?
btw, this box is OpenBSD 2.7, IPFilter 3.3.16
> --------------------------------------------------------------------------
> Attila Nagy e-mail: Attila.Nagy@fsn.hu
> Budapest Polytechnic (BMF.HU) @work: +361 210 1415 (194)
> H-1084 Budapest, Tavaszmezo u. 15-17. cell.: +3630 306 6758
--
Henning Brauer | BS Web Services
Hostmaster BSWS | Roedingsmarkt 14
hostmaster@bsws.de | 20459 Hamburg
www.bsws.de | Germany