On 2/15/07 11:01 AM, "Darren Reed" <[EMAIL PROTECTED]> wrote:
> In some mail from Peter Eisch, sie said:
>>
>> I have an excerpt like this:
>>
>> # **** hide the office from others ****
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32 proxy port ftp ftp/tcp
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32 portmap auto
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32
>> # end of office hiding
>>
>> Which enables me to hide all the office traffic behind the address noted. I
>> now have a need to leak the office traffic out to systems on the
>> 201.3.34.24/29 LAN.
>>
>> For example, traffic between 201.2.30.22 and 201.3.34.27 would not be NAT'd.
>>
>> Is there a clever way to rewrite the rule to use !to or some sort of
>> boolean logic so I don't have to fully enumerate the 'any' in the above
>> example?
>
> In map rules, you can do exactly that - say "!to":
>
> map en0 from 201.2.30.0/24 ! to 201.3.34.24/29 -> 201.3.34.25/32
>

Holy Snikes! It works! Thanks Darren.

I should probably put together a collection of extremely useful but potentially obscure configuration examples. I could at least find examples for myself somewhat cogently.

peter
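Added example, not part of the original thread and not ipnat's own parser: a simplified Python model of the `from ... [!] to ... ->` match in the map rules quoted above, showing which destinations fall inside 201.3.34.24/29 and therefore leave untranslated. It assumes the packet is leaving en0 and ignores ports, proxies and rule ordering; the function names are hypothetical.

```python
import ipaddress
import re

# Subset of the map-rule syntax seen in this thread (assumption: nothing
# else on the line changes which packets match).
RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+from\s+(?P<src>\S+)\s+"
    r"(?P<neg>!\s*)?to\s+(?P<dst>\S+)\s+->\s+(?P<new>\S+)"
)


def _net(text):
    """Turn 'any' or a CIDR string into an ip_network object."""
    return ipaddress.ip_network("0.0.0.0/0" if text == "any" else text)


def parse_map(line):
    """Parse one map rule into its match fields."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError("unsupported rule: %r" % line)
    return {
        "ifname": m.group("ifname"),
        "src": _net(m.group("src")),
        "dst": _net(m.group("dst")),
        "negate_dst": m.group("neg") is not None,  # "! to" or "!to"
        "new": _net(m.group("new")),
    }


def translated_source(rule, src, dst):
    """Return the NAT'd source address, or None if the rule does not match."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    if src_ip not in rule["src"]:
        return None
    # With "! to", a destination inside the listed network means no match.
    if (dst_ip in rule["dst"]) == rule["negate_dst"]:
        return None
    return str(rule["new"].network_address)


ORIGINAL = parse_map("map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32")
REVISED = parse_map(
    "map en0 from 201.2.30.0/24 ! to 201.3.34.24/29 -> 201.3.34.25/32"
)

if __name__ == "__main__":
    # Constructed destinations: both edges of the /29 plus one outside host.
    for dst in ("201.3.34.23", "201.3.34.24", "201.3.34.27",
                "201.3.34.31", "201.3.34.32", "198.51.100.7"):
        print(dst, "->", translated_source(REVISED, "201.2.30.22", dst))
```

The /29 covers 201.3.34.24 through 201.3.34.31, so the neighbouring addresses .23 and .32 are still hidden behind 201.3.34.25.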
