On Thu, Feb 17, 2005 at 08:57:03AM -0500, Chris Ross wrote:
> So the issue is, if packets come in ppp0, I want to reply to them *out*
> ppp0, without NAT'ing. But, otherwise, I want the NAT rules to NAT them
> out the broadband connection.
>
> Is this sort of inquiry/selection possible with ipfilter/ipnat?
I used to have a patch that did exactly this. I am not sure if it still works.
You should have rules like:

    pass in quick on if0 to if0:DEFAULT_ROUTER proto tcp ... keep state keep frags

Here if0 is your broadband interface and DEFAULT_ROUTER needs to be replaced by the IP address of the default router on the broadband side.

You also need RDR rules if you want to terminate a connection not on your ipf host, but on an internal one. E.g.:

    rdr if0 0.0.0.0/0 port 22 -> 192.168.1.1 port 22 tcp frag

if an SSH connection to your broadband IP address should terminate internally at host 192.168.1.1.

You can try whether this works without a patch, but I don't think it will. Otherwise you'll have to make my old patch work on ipf4. The old patch can be found at:

    http://coombs.anu.edu.au/~avalon/ipfpatches/guido-multi_home.patch

Btw: this will only work for rules with "keep state" present.

I'm sorry that I will not be able to help due to ENOTIME and the fact that I no longer have such a setup.

Btw2: You can use your setup to use the broadband for your http traffic. Then you should use:

    pass in quick on int0 to if0:DEFAULT_ROUTER proto tcp from internal_net to any port = 80 keep state

int0 is the interface of your internal network, with an appropriate NAT (map) rule like:

    map if0 internal_net -> 0/32 frag

-Guido
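Guido's caveat is that the `to if0:ROUTER` reply-routing only takes effect on rules that carry `keep state`, and the `DEFAULT_ROUTER` token must be replaced with a real address. The checker below is an added example, not code from the mail or from ipfilter: it scans an ipf ruleset for `pass in` rules with an interface:router target and flags the two mistakes. The ruleset, interface names, and the router address 203.0.113.1 are constructed sample input.

```python
import re

# Constructed sample ruleset modelled on the rules in the mail; the 443 rule
# lacks "keep state" and the port 25 rule still carries the DEFAULT_ROUTER
# placeholder, so the checker has something to report.
SAMPLE_RULES = """\
# reply to SSH arriving on the broadband side via the broadband default router
pass in quick on if0 to if0:203.0.113.1 proto tcp from any to any port = 22 keep state keep frags
# send internal web traffic out over broadband
pass in quick on int0 to if0:203.0.113.1 proto tcp from 192.168.1.0/24 to any port = 80 keep state
# no keep state: the return path is never recorded
pass in quick on int0 to if0:203.0.113.1 proto tcp from 192.168.1.0/24 to any port = 443
# placeholder from the mail left in place
pass in quick on int0 to if0:DEFAULT_ROUTER proto tcp from 192.168.1.0/24 to any port = 25 keep state
pass in quick on ppp0 proto tcp from any to any keep state
"""

# "to <iface>:<router>" routing target; "to any" in the from/to part has no colon
# and therefore does not match.
ROUTE_TARGET = re.compile(r"\bto\s+(?P<iface>[A-Za-z]+\d*):(?P<router>\S+)")
IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def lint_route_rules(ruleset):
    """Return (line_number, message) for every policy-routed pass-in rule that
    is either stateless or still carries a non-IP router placeholder."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), start=1):
        rule = line.split("#", 1)[0].strip()  # drop comments, blank lines
        if not rule.startswith("pass in"):
            continue
        m = ROUTE_TARGET.search(rule)
        if not m:
            continue  # ordinary rule, nothing to route
        iface, router = m.group("iface"), m.group("router")
        if not IPV4.fullmatch(router):
            findings.append((lineno, f"route target {iface}:{router} is not an IP address"))
        if "keep state" not in rule:
            findings.append((lineno, "policy route without 'keep state'; replies will not follow it"))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_route_rules(SAMPLE_RULES):
        print(f"line {lineno}: {msg}")
```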
