Subject: Re: Off-topic: Dumb IPNAT question
To: None <scottr@Plexus.COM>
From: Takahiro Kambe <email@example.com>
Date: 06/16/1998 10:51:30
In message <Pine.NEB.3.96.980614212720.16870Afirstname.lastname@example.org>
on Sun, 14 Jun 1998 21:29:20 -0500 (CDT),
Scott Reynolds <scottr@Plexus.COM> wrote:
> On Sun, 14 Jun 1998 mouse@Rodents.Montreal.QC.CA wrote:
> > 3) A NAT setup that edits FTP control streams as they go past (yes, I
> > have seen such a thing - in a commercial product);
> Um, both the Linux `IP masquerading' (free) and ip-filter's NAT (free)
> have this functionality. I believe it was broken for a while in the
NetBSD have ip-filter. I have never enabled ip-filter's NAT on
NetBSD, but successfully I have been running on FreeBSD.
Based on /usr/share/examples/ipf/nat.eg as an example,
ipnat.rules bellow works on FreeBSD with ip-filter (not firewall
function with FreeBSD).
map ed1 10.1.0.0/16 -> 240.1.0.1/32 proxy ftp ftp/tcp
map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000
map ed1 10.1.0.0/16 -> 240.1.0.0/24
The order of lines are important.
Takahiro Kambe <email@example.com>