Subject: Re: ipnat when box IP is changing
To: Grant Beattie <grant@grunta.com>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 10/06/2001 22:35:09
In message <20011007102322.A28243@gryphon>, Grant Beattie writes:
>On Sun, Oct 07, 2001 at 12:56:06AM +0200, Wojciech Puchar wrote:
>
>> how to define ipnat.conf to masquerade from 192.168.0.0/16 through ppp0
>> interface when its IP is unknown (dial-up connection).
>> or it's impossible so I should regenerate ipnat.conf and rerun ipnat after
>> connection (ip-up script)
>
>Just to clarify - IPFilter does NAT, not IP Masquerading. Some NAT
>implementations can appear to act in a similar way to Masq, but
>referring to NAT as "IP Masq" can cause confusion :-)
>
>ipf NAT to a dynamic IP address can be done like so:
>
>	map ppp0 192.168.0.0/16 -> 0/32
>
>You don't need to regenerate ipnat.conf since it doesn't need to
>change, but you will need to flush and reload the NAT rules when the
>IP address changes:
>
>	# ipnat -CFf /etc/ipnat.conf
>
>(-F flushes the NAT state table also, which may or may not be what you
>want depending on your setup)

Are you sure?  'man ipf' says use -y when the IP addresses change.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com