Matthias Apitz wrote:
El día Wednesday, September 05, 2007 a las 11:30:02PM -0700, Darren Reed
escribió:
> You can do this:
>
> map em1 from 193.31.10.32/24 to any port = 123 -> xxx.xxx.xxx.xxx/32 udp age 30/1
>
> to limit make the timeout 30 seconds for a reply and 1 second after the
> reply
> has been recieved.
Hello Darren,
Sorry to have overlooked the 'age' parameter in the man page, I was
doing 'man -S5 ipnat | col -b | fgrep time'; but it gives now an error
and the line 37 is exactly cut&pasted from your hint and changed
xxx.xxx.xxx.xxx to the real IP of the NIC):
# ipnat -CF -f /etc/ipnat.rules
0 entries flushed from NAT table
3 entries flushed from NAT list
syntax error error at "age", line 37
Correct syntax for input:
map em1 from 193.31.10.32/24 to any port = 123 -> 1.1.1.1/32 age 30/1 udp
..it should allow the other as well, as that's what comes out of "ipant
-l".
Sorry about that.
Darren
