Subject: Re: Advanced Routing
To: None <xs@kittenz.org>
From: Andrew Gillham <gillham@vaultron.com>
List: netbsd-help
Date: 03/20/2002 13:37:52
On Tue, Mar 19, 2002 at 12:12:10PM +0000, xs@kittenz.org wrote:
> on Mon, Mar 18, 2002 at 04:03:45PM -0300, Diego Linke - GAMK wrote:
> > It has 3 networks cards, one to the internal network (192.168.0.X) , another
> > to an ADSL router and the third to a leased line Internet link (NIC).
> > 
> > I need to NAT the internal network, being able to choose which IPs go
> > "nated" for the ADSL or for the leased line. The company's Directors already
> > asked me to return to Linux, since it has "ip advanced routing". I'm struggling
> > to maintain BSD on our servers, and I cannot believe it's not possible to
> > perform this function under this so advanced system.
> 
> If my reading of the ipnat.conf(5) manpage is right, this is what you want?
> (ne0 = adsl interface, ne1 = leased line, ne2 = internal)
> 
> map ne1 from 192.168.0.0/24 to 123.123.123.123/32 -> 12.12.12.0/24 portmap tcp/udp 1025:65000
> map ne1 from 192.168.0.0/24 to 123.123.123.123/32 -> 12.12.12.0/24
> map ne0 from 192.168.0.0/24 -> 12.12.12.0/24 portmap tcp/udp 1025:65000
> map ne0 from 192.168.0.0/24 -> 12.12.12.0/24
> 
> and in ipf.conf(5):
> block in on ne2 to ne1 from 192.168.0.0/24 to 123.123.123.123/32

Presumably if the default route is pointing out to leased line on 'ne1' you
will want a rule like this in /etc/ipf.conf:
  pass out quick on ne1 to ne0:router_ip from 12.12.12.0/24 to any

So that when the NAT rules map something to 12.12.12.0/24 but forwards it
out the default route the packet will get intercepted and forwarded to
router_ip via the ne0 interface.

-Andrew
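Assembling the two files the thread discusses into one place, as an added example that is not from either poster. It keeps the thread's interface names (ne0 = ADSL, ne1 = leased line, ne2 = internal) and its placeholder addresses; `router_ip` is left as the placeholder it is in the thread and must be replaced with the ADSL router's address. The activation commands in the comments are standard NetBSD/IPFilter usage, not something the thread states.

```conf
# /etc/ipnat.conf  (added example, assumes ne0=ADSL, ne1=leased line, ne2=LAN)
#
# Rule order matters: the first matching map rule wins, so the more
# specific "to 123.123.123.123/32" rules go before the catch-alls.

# Internal hosts talking to 123.123.123.123 leave via the leased line (ne1)
# and are rewritten to an address from the 12.12.12.0/24 block.
map ne1 from 192.168.0.0/24 to 123.123.123.123/32 -> 12.12.12.0/24 portmap tcp/udp 1025:65000
map ne1 from 192.168.0.0/24 to 123.123.123.123/32 -> 12.12.12.0/24

# Everything else from the LAN leaves via the ADSL interface (ne0).
map ne0 from 192.168.0.0/24 -> 12.12.12.0/24 portmap tcp/udp 1025:65000
map ne0 from 192.168.0.0/24 -> 12.12.12.0/24

# /etc/ipf.conf  (added example)
#
# ipf rules are last-match unless "quick" is given; both rules below use
# the "to ifname[:ip]" routing keyword to override the kernel's own choice
# of outgoing interface.

# Force LAN traffic bound for 123.123.123.123 out the leased line.
block in quick on ne2 to ne1 from 192.168.0.0/24 to 123.123.123.123/32

# With the default route on ne1, post-NAT 12.12.12.0/24 traffic that the
# kernel would send out ne1 is redirected to the ADSL router on ne0.
# Replace router_ip with the ADSL router's actual address.
pass out quick on ne1 to ne0:router_ip from 12.12.12.0/24 to any

# Activation (standard NetBSD IPFilter commands, not part of the thread):
#   sysctl -w net.inet.ip.forwarding=1
#   ipf -Fa -f /etc/ipf.conf
#   ipnat -CF -f /etc/ipnat.conf
#   ipnat -l ; ipfstat -io      # verify loaded NAT maps and filter rules
```

One thing worth checking after loading this on a real box: `ipfstat -io` shows the rules as the kernel parsed them, and `ipnat -l` shows both the map rules and the active translation table, so you can confirm that a test connection to 123.123.123.123 picks up a 12.12.12.x address on ne1 while other destinations are translated on ne0.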