Re: non-newbie with a newbie question (ipnat)
> So here is ipnat as I understand it, I have at the beginning:
> map fxp0 192.168.1.0/24 -> 156.98.18.15/32 portmap tcp/udp 10000:60000
> map fxp0 192.168.1.0/24 -> 156.98.18.15/32
> So as I understand it, this is mapping all the outgoing connections to
> the 18.15 address? But what about the incoming connections? I have
> other rules in the ipnat.rules that redirect the web and ssh servers to
> specific machines and ports such as:
> rdr fxp0 156.98.18.25/32 port 22 -> 192.168.1.18 port 22
>
> But my question is, how about the ports that my backup program uses? If
> I have to specifically say port 22 on one external address should be
> pointing to port 22 on the private machine, how is my backup server
> going to connect from the outside to port 60x or 793x when I don't know
> the exact port number? Is there some type of default redirect I am not
> using? Or do I not understand the map command?

If your backup server needs to initiate connections to the systems getting
backed up, then you'll need to NAT a unique port, or unique range of ports,
to every backup client, and your backup server will have to be configured to
use the different unique port for every client it wants to back up. If
that's not possible, and it probably isn't, you could:

- Move your back-up server to your NAT-ed subnet
- Construct a tunnel (man gif) from your backup server to your
  NAT-ed network, so the server has an interface on that network
- If you can get routeable addresses for your NAT-ed hosts,
  change from a NAT-ing firewall to a bridging firewall

David S.
>
> --ja
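
The "unique port per backup client" option from the reply, sketched as an ipnat.rules fragment. This is an added example, not part of the original thread; the client addresses, the external ports 7001-7003 and the agent port 9000 are constructed, and it assumes the backup agent can be pinned to a single fixed TCP port.

```conf
# Constructed example: one rdr rule per backup client on the NAT box.
#
# Assumptions (not from the original thread):
#   - each client's backup agent listens on one fixed TCP port (9000 here)
#   - the clients are 192.168.1.21, .22 and .23
#   - the backup server can be told which address:port to dial per client
#
# External ports 7001-7003 are picked below the 10000:60000 portmap range
# of the map rule quoted in the thread, so they stay distinct from the
# ports handed out to outgoing connections on 156.98.18.15.

rdr fxp0 156.98.18.15/32 port 7001 -> 192.168.1.21 port 9000
rdr fxp0 156.98.18.15/32 port 7002 -> 192.168.1.22 port 9000
rdr fxp0 156.98.18.15/32 port 7003 -> 192.168.1.23 port 9000

# What the backup server must then be configured to connect to:
#   client 192.168.1.21  ->  156.98.18.15 port 7001
#   client 192.168.1.22  ->  156.98.18.15 port 7002
#   client 192.168.1.23  ->  156.98.18.15 port 7003
#
# Every rdr line opens an inbound path to an internal host. Pair these with
# filter rules that admit only the backup server's source address on
# ports 7001-7003 and block everything else.
```

If the backup software picks its ports dynamically, a static table like this cannot follow it, which is the case the three alternatives in the reply address.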