netbsd-help: Re: web server behind nat/ipf

Subject: Re: web server behind nat/ipf
To: None <netbsd-help@netbsd.org>
From: Henry Nelson <henry@irm.nara.kindai.ac.jp>
List: netbsd-help
Date: 08/23/2000 09:09:38

I'm still in the dark about many of the mysteries of NAT.  Suspect
there are others, too, so if you can provide a definitive explanation
to these two quickie questions, please cc it to the help list.

> map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 40000:60000
                      ^^                                       ^^^^^^^^^^^
As for the mask, I've seen /26, even /28, recommended so that no IP traffic
for the system itself gets translated.  Very foggy on what that would mean.
I know that /24 works fine (as far as I can see -- but that's not very far).

I've seen even more variation on the port range: 20000:40000, 10000:60000,
etc. etc. are to be seen in the scattered documentation.  *Why* say
"40000:60000?"  What's the reason, advantage, whatever?

TIA

henry nelson