[CUWiN] nat bogosity (was: circular route)
David Young
dyoung at pobox.com
Sun Jan 29 14:05:53 CST 2006
On Fri, Jan 20, 2006 at 03:28:06PM -0500, simon-cuw at uc.org wrote:
> ipnat.conf's manpage indicates that you can negate a subnet from the mapping.
> If I do the following on Node A, it seems to get me a bit closer:
>
> map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32 tcp/udp 10000:20000
> map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32
>
> I'm just having trouble confirming that 100%, as I don't have access to any systems on
> LAN-Z right now.
Simon,
I just switched the sources in the trunk from IP Filter to PF.
PF has a more expressive NAT language than IP Filter does. I feel
certain that you can write the rules you need in PF. Look at
cuw/trunk/src/boot-image/extras/etc/dhclient-exit-hooks for the place
where I write the NAT rules.
Dave
--
David Young OJC Technologies
dyoung at ojctech.com Urbana, IL * (217) 278-3933
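
An added example, not part of the original message and not the rules CUWiN writes from dhclient-exit-hooks: the two quoted ipnat `map` lines expressed as PF translation rules. It uses the older `nat on` rule syntax (OpenBSD 4.7 and later replaced it with `match ... nat-to`); the macro names are hypothetical, and the interface and addresses are copied from the quoted rules.

```pf
# Added example. Macro names are hypothetical; values come from the quoted ipnat rules.
ext_if       = "sip0"
src_net      = "10.0.0.0/8"
excluded_net = "192.168.42.0/24"
nat_addr     = "192.168.42.22"

# PF uses the first matching translation rule, so the TCP/UDP rule with the
# port range comes first, as in the ipnat version.

# TCP and UDP from src_net to any destination outside excluded_net:
# rewrite the source to nat_addr, with source ports taken from 10000-20000.
nat on $ext_if inet proto { tcp, udp } from $src_net to ! $excluded_net \
    -> $nat_addr port 10000:20000

# All other protocols (ICMP and so on) from src_net to destinations outside
# excluded_net: rewrite the source address only.
nat on $ext_if inet from $src_net to ! $excluded_net -> $nat_addr

# Traffic from src_net to excluded_net matches neither rule and leaves
# sip0 with its original source address.
```

`pfctl -nf <file>` parses a ruleset without loading it, and `pfctl -s nat` lists the translation rules currently loaded.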