>>> Manuel Bouyer <bouyer@antioche.eu.org> 4/06/2002 04:58:14 >>>

> > something like hardwired NAT, one IP/PORT to one IP/PORT mapping.
>=20
> I guess it's what "bimap" is for ...

Hmmm... I did some research on this, out of curiosity.

The "bimap" rule is best for mapping a singe 'inside' IP to a single =
'outside'
IP address.  No port mapping goes on (AFAIK), so all source/destination
ports remain the same, just the IP changes.  eg:

  bimap fxp1 1.2.3.4/32 -> 10.10.10.10/32

If you specify a subnet mask other than /32, it gives a random address
for each mapping, but does keep state, which may be useful to renumber
a block of addresses to another whole block, but of course, no servers
would be able to have a static IP on the 'inside', but any clients would =
be
free to do whatever they wanted.  A better way to do this is:

  map-block fxp1 1.2.3.0/24 -> 10.10.10.0/24 auto

And, there is also Policy NAT, which allows the packets to be rewritten
differently depending on the destination subnet, eg:

  map tun0 from 10.10.10.10/32 ! to 192.168.1.0/24 -> 1.2.3.4/32
  map tun0 from 10.10.10.10/32 port =3D 10000 to 4.3.2.1/32 -> 1.2.3.4/32

I don't think any of this helps with Wojciech's original question, though =
I
don't seem to be able to find anything that does.  :-/

Richard.