Subject: Re: Configuring IPNat
To: Frederick Bruckman <fb@enteract.com>
From: Frederick Bruckman <fb@enteract.com>
List: netbsd-help
Date: 07/27/1999 09:29:57
On Tue, 27 Jul 1999, Frederick Bruckman wrote:

> On Mon, 26 Jul 1999, James Webster wrote:
> 
> > I'm trying to map the following ports from my internal machine 10.0.0.1 to the internet through my IPNat gateway 10.0.0.5 (ne1 is local and ep0 is internet).
> > 
> > Allow outbound TCP connection on port 47624. 
> > Allow inbound and outbound connections on TCP and UDP ports 2300-2400. 
> > Allow inbound and outbound connections on TCP and UDP ports 28800 - 28912 
> > 
> > This is what I have in my ipnat.conf:
> > map ep0 10.0.0.1/0 port 47624 -> 0.0.0.0/32 port 47624
> > map ne1 0.0.0.0/32 tcp/udp port 2300:2400 -> 10.0.0.1/0 tcp/udp port 2300:2400
> > map ep0 10.0.0.1/0 tcp/udp port 2300:2400 -> 0.0.0.0/32 tcp/udp port 2300:2400
> > map ne1 0.0.0.0/32 tcp/udp port 28800:28912 -> 10.0.0.1/0 tcp/udp port 28800:28912
> > map ep0 10.0.0.1/0 tcp/udp port 28800:28912 -> 0.0.0.0/32 tcp/udp port 28800:28912
> 
> If you want all 47264 traffic to go to the internal machine, use rdr.
> 
> rdr ne1 0/0 port 47624 -> 10.0.0.5 port 47264 tcp/udp
> 
> and so on. That makes all incoming connections on that port, on
> ne1, appear to be coming from the gateway.

Wait, that's wrong. rdr rewrites the destination on incoming packets;
map rewrites the source on outgoing. So

   map ep0 10.0.0.1/32 port 47624 -> 0 port 47624 tcp
   rdr ne1 0/0 port 47624 -> 10.0.0.1/32 port 47624 tcp

would do inbound and outbound on port 47624, but that's not what you
asked for. You asked to redirect a family of incoming ports. I don't
know if you can even do that.

You can enter rules more or less interactively with "ipnat -f -", or
"ipnat -rf -" (to disable them). Use ^D to exit; "ipnat -l" to list.
Sorry to confuse you.
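
The map/rdr distinction the reply draws (map rewrites the source of outgoing packets, rdr rewrites the destination of incoming ones) can be made concrete with a small model. The following Python is an added illustration, not part of the thread and not ipnat's own parser or code: it accepts only the two rule shapes quoted in the reply, takes the rule lines and interface names (ep0, ne1) exactly as written in the message, and uses a constructed TEST-NET address for ep0's public side since the message never gives one.

```python
"""Toy model of the ipnat 'map' vs 'rdr' distinction made in the reply.

Added illustration only: this is not ipnat's parser and does not claim to
reproduce its full grammar. It accepts just the two rule shapes quoted in
the message:
    map <if> <src>/<mask> port <p> -> <newsrc> port <p> <proto>
    rdr <if> <dst>/<mask> port <p> -> <newdst>[/<mask>] port <p> <proto>
and applies them the way the reply describes: map rewrites the source of
outgoing packets, rdr rewrites the destination of incoming packets.
"""
import ipaddress
from dataclasses import dataclass, replace

# Interface addresses for the model. 10.0.0.5 (ne1) is from the message;
# the public address of ep0 is a constructed TEST-NET placeholder.
IFACE_ADDRS = {"ne1": "10.0.0.5", "ep0": "192.0.2.5"}

# The two rules from the reply, verbatim.
RULES_TEXT = """\
map ep0 10.0.0.1/32 port 47624 -> 0 port 47624 tcp
rdr ne1 0/0 port 47624 -> 10.0.0.1/32 port 47624 tcp
"""


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet enters (in) or leaves (out)
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    kind: str                     # "map" or "rdr"
    iface: str
    match: ipaddress.IPv4Network  # source network for map, destination for rdr
    port: int                     # source port for map, destination port for rdr
    target: str                   # address written into the packet
    tport: int                    # port written into the packet
    protos: frozenset             # e.g. {"tcp"} or {"tcp", "udp"}


def _network(text):
    """Turn ipnat shorthand such as '0/0' or '10.0.0.1/32' into an IPv4Network."""
    addr, _, mask = text.partition("/")
    if addr == "0":
        addr = "0.0.0.0"
    return ipaddress.IPv4Network(f"{addr}/{mask or 32}", strict=False)


def parse_rule(line):
    """Parse one rule line of the restricted shape described in the docstring."""
    t = line.split()
    well_formed = (len(t) == 10 and t[0] in ("map", "rdr") and t[3] == "port"
                   and t[5] == "->" and t[7] == "port")
    if not well_formed:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    kind, iface = t[0], t[1]
    target = t[6].partition("/")[0]
    if kind == "map" and target == "0":
        # '0' on the right of a map rule stands for the interface's own address
        target = IFACE_ADDRS[iface]
    return Rule(kind, iface, _network(t[2]), int(t[4]), target, int(t[8]),
                frozenset(t[9].split("/")))


def parse_rules(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.startswith("#")]


def apply_nat(rules, pkt):
    """Return the packet after the first matching rule has rewritten it.

    map: outgoing packet whose source is in rule.match with sport == rule.port
         -> source becomes (target, tport)
    rdr: incoming packet whose destination is in rule.match with dport == rule.port
         -> destination becomes (target, tport)
    A packet no rule matches is returned unchanged.
    """
    for r in rules:
        if r.iface != pkt.iface or pkt.proto not in r.protos:
            continue
        if (r.kind == "map" and pkt.direction == "out"
                and ipaddress.IPv4Address(pkt.src) in r.match and pkt.sport == r.port):
            return replace(pkt, src=r.target, sport=r.tport)
        if (r.kind == "rdr" and pkt.direction == "in"
                and ipaddress.IPv4Address(pkt.dst) in r.match and pkt.dport == r.port):
            return replace(pkt, dst=r.target, dport=r.tport)
    return pkt


def demo():
    """Run three constructed packets through the quoted rules; 203.0.113.7 is a TEST-NET peer."""
    rules = parse_rules(RULES_TEXT)
    outbound = Packet("ep0", "out", "tcp", "10.0.0.1", 47624, "203.0.113.7", 47624)
    inbound = Packet("ne1", "in", "tcp", "203.0.113.7", 47624, "10.0.0.5", 47624)
    other = Packet("ne1", "in", "tcp", "203.0.113.7", 40000, "10.0.0.5", 2300)
    return apply_nat(rules, outbound), apply_nat(rules, inbound), apply_nat(rules, other)


if __name__ == "__main__":
    for label, pkt in zip(("outbound via map", "inbound via rdr", "unmatched"), demo()):
        print(f"{label}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
```

Running it shows the outbound packet leaving ep0 with its source rewritten to the gateway address, the inbound packet on ne1 arriving with its destination rewritten to 10.0.0.1, and a packet on port 2300 passing untouched because no quoted rule covers that port, which is exactly the gap the reply points out about redirecting a family of ports.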