[CUWiN] nat bogosity (was: circular route)

David Young dyoung at pobox.com
Fri Jan 20 15:38:56 CST 2006


On Fri, Jan 20, 2006 at 03:28:06PM -0500, simon-cuw at uc.org wrote:
> ipnat.conf's manpage indicates that you can negate a subnet from the mapping.
> If I do the following on Node A, it seems to get me a bit closer:
> 
> map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32 tcp/udp 10000:20000
> map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32
> 
> I'm just having trouble confirming that 100%, as I don't have access to any systems on
> LAN-Z right now.

I see how that could work.  Run with it.

BTW, on 0.6.0 the NAT rules are like this, which does not quite have
the desired effect:

	rdr sip0 192.168.0.1/32 port 80 -> 127.0.0.1 port 80 tcp
	map sip0 from 10.0.0.0/8 ! to 10.0.0.0/8 -> 192.168.42.22/32 \
	    portmap tcp/udp 10000:20000
	map sip0 from 10.0.0.0/8 ! to 10.0.0.0/8 -> 192.168.42.22/32

Eventually I will switch from ipf(4) to pf(4), which will give us a lot
more NAT flexibility.  I may have to do it sooner rather than later.

Dave

-- 
David Young             OJC Technologies
dyoung at ojctech.com      Urbana, IL * (217) 278-3933
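
Added example (not part of the original message, and not CUWiN code): a small Python model of the from/to selector in the two map rules discussed above, showing which destinations each one translates. It models address matching only, not the sip0 interface or routing, and the sample flow addresses are constructed.

```python
import ipaddress
import re

# Selector of an ipnat "map" rule, in the form used in this thread:
#   map <if> from <src> [!] to <dst> -> <target>
MAP_RE = re.compile(
    r"^map\s+\S+\s+from\s+(?P<src>\S+)\s+(?P<neg>!\s*)?to\s+(?P<dst>\S+)"
    r"\s+->\s+(?P<target>\S+)"
)

def parse_map(rule):
    """Parse one map rule into source net, destination net, negation flag, target."""
    m = MAP_RE.match(" ".join(rule.replace("\\", " ").split()))
    if m is None:
        raise ValueError("unsupported rule: %r" % rule)
    return {
        "src": ipaddress.ip_network(m.group("src")),
        "dst": ipaddress.ip_network(m.group("dst")),
        "negate_dst": m.group("neg") is not None,
        "target": ipaddress.ip_network(m.group("target")),
    }

def translated_to(rules, src, dst):
    """Return the address the first matching rule maps src to, or None if no rule matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in map(parse_map, rules):
        # "! to X" matches when the destination is NOT inside X.
        if src in r["src"] and (dst in r["dst"]) != r["negate_dst"]:
            return str(r["target"].network_address)
    return None

# Rules taken from the thread (portmap variants omitted; the selector is identical).
RULES_060 = ["map sip0 from 10.0.0.0/8 ! to 10.0.0.0/8 -> 192.168.42.22/32"]
RULES_PROPOSED = ["map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32"]

# Constructed sample flows: (source, destination, label).
FLOWS = [
    ("10.1.1.5", "192.168.42.50", "host on 192.168.42.0/24"),
    ("10.1.1.5", "10.2.2.9", "another 10/8 address"),
    ("10.1.1.5", "198.51.100.7", "outside both nets"),
]

if __name__ == "__main__":
    for src, dst, label in FLOWS:
        print("%-26s 0.6.0: %-15s proposed: %s" % (
            label, translated_to(RULES_060, src, dst),
            translated_to(RULES_PROPOSED, src, dst)))
```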

