On Tue, 16 May 2006, Per-Olov Sjöholm wrote:
> Mipam wrote:
> > Hi All,
> >
> > A small internal network is defined to be able to send traffic outside:
> >
> > outside = "{ a.b.c.d }"
> > special = "{ 10.23.145.10 }"
> > internal = "{ 10.23.145.0/24, !10.23.145.10 }"
> >
> > nat on fxp0 from $internal to any -> $outside
> > binat on fxp0 from $special to any -> $outside
> >
> > The meaning of this is that I do NAT and port mapping on all normal
> > connections, but only the host 10.23.145.10 should not be port-mapped.
> > Actually I wish it were more specific: only source port 5555 from $special
> > should not be port-mapped, the rest doesn't matter. Is such possible or
> > should I stick to this?
> > Bye,
> >
> > Mipam.
>
> Hi Mipam
>
> Have you tried a table for "internal"? It won't handle the negated
> address and expand it in the same way as the macro.
Thanks for your answer.
I didn't try this.
As a workaround I did this:
outside = "{ a.b.c.d }"
special = "{ 10.23.145.10 }"
internal = "{ 10.23.145.0/24 }"
no nat on fxp0 from $special to any
nat on fxp0 from $internal to any -> $outside
binat on fxp0 from $special to any -> $outside
This worked for me: now all connections from $special to any are 1-1
mapped, so the ports aren't translated, and the rest of the network is
NATed normally. :-)
I'll look at the table you mentioned.
Bye,
Mipam.
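Added example, not part of the thread above: a pf.conf translation section, in the same pre-OpenBSD 4.7 nat/binat syntax the thread uses, that answers the narrower wish in the original question (keep the source port only for port 5555 from $special, map everything else as usual) with pf's static-port option instead of a binat. The interface name fxp0, the macros and the placeholder external address a.b.c.d are taken from the thread; the ext_if macro is my own addition.

```pf
# Added example (not from the thread): translation rules for pf in the
# pre-OpenBSD 4.7 nat/binat syntax. a.b.c.d is the thread's placeholder
# external address; ext_if is an assumed macro name.
ext_if   = "fxp0"
outside  = "{ a.b.c.d }"
special  = "{ 10.23.145.10 }"
internal = "{ 10.23.145.0/24 }"

# Translation rules are evaluated first-match, so the narrow rule comes
# before the general one. static-port tells pf to rewrite only the source
# address of matching packets and leave the source port untouched.
nat on $ext_if proto { tcp, udp } from $special port 5555 to any -> $outside static-port

# Everything else, including other source ports from $special, gets the
# normal address and port translation.
nat on $ext_if from $internal to any -> $outside
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, then confirm the loaded translation rules with `pfctl -s nat` and watch the mapping in `pfctl -s state` while the host sends from port 5555. Compared with the binat workaround in the thread, this keeps the host behind ordinary outbound NAT: a binat is bidirectional, so it also maps inbound connections to a.b.c.d onto 10.23.145.10, and the filter rules on fxp0 then have to restrict what may reach that host.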