Hi Laurent, e.g.:

You join two companies (let's name them "A" and "B") using overlapping private address space. Let's assume "A" has a Fileserver.A at 192.168.2.1. Users on Company B like to access Fileserver.A using - but at "B" they have their Mailserver.B at 192.168.2.1.

So the network from Company A needs to be hidden behind NAT so that 192.168.2.1 at A is accessed by something else from B using e.g. 192.168.202.1 (or any other feasible address).

And because "A" has several 1000 systems which should be accessed by "B" it would be a big deal when querying the DNS from A - would lead to a response with a NATted IP address "B" could use instead the "real" A IP addresses which are partially in use at "B" too.

....

-----Original Message-----
From: Laurent CARON [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2008 3:30 PM
To: Stefan Sczekalla
Cc: misc@openbsd.org
Subject: Re: nat - DNS-ALG ... Translating DNS for "Twice-NAT"

Stefan Sczekalla wrote:
> Hi Laurent,
>
> The Problem I like to solve is:
>
> Hiding a Network by nat while keeping it accessible via DNS without
> translating every natted IP manually on a local DNS-Server.

Maybe I'm completely stupid but I *really* don't see the goal of this.

- You've got a private network.
- You want to hide it from the internet
- You use NAT
- You use the same domain on the external internet and on your internal LAN
- Why not using a split DNS config?

Maybe there are too many assumptions ;)

Please tell me if I'm wrong ;)