On Friday 16 September 2005 04:20 pm, Raymond Lillard wrote: > First off, it's a bad idea to broadcast your real IP numbers > in a public place.
I had always thought that but then I read this article: http://homepages.tesco.net/~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html It seems to make sense. After all, they are public IP addresses, and by trying to obscure them I might either create or hide a typo that would prevent proper assistance. Maybe Jonathan is wrong but the argument seems logical on the surface. > Secondly, here's what works for me. > > nat_pool = "{ 169.1.2.64/29 }" > > nat on $ext_if from 10.10.10.0/25 to any -> $nat_pool source-hash Unfortunately I don't see where this is effectively different from: nat on $ext_if from <kw_net_minus> -> 66.100.28.136/29 source-hash Except I'm using a table and the "to any" isn't specified, but it isn't necessary when the form is: nat on $ext_if from !$ext_if -> $ext_if:0 But I do like using the macro for the nat pool. But I'll certainly try to change things around, just in case. Thanks. Chris
