On 07/04/2009 04:59:21 AM, Falk Husemann wrote:
Hello all on the pf list,
for a really stupid german ISP I need to setup a binat with
exceptions.
Thanks in advance for any suggestions.
You could take advantage of the fact that the first
matching translation rule ends the processing,
so put your exceptions first and then a general
catch-all.
Don't forget that because binats are processed
before nats and rdrs a binat rule will cause
ftp-proxy anchors to be ignored. So use a nat together with an rdr
instead of binat for those ports that ftp-proxy
might use.
Karl <k...@meme.com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein
