Subject: RE: IPNAT
To: NetBSD netbsd-users mailing list <netbsd-users@netbsd.org>
From: Amir Nazary <anazary@pctc.com>
List: netbsd-users
Date: 08/02/2004 20:07:55
Thanks for the response.  I'll give your suggestion a try.  If it
doesn't work I guess I could explicitly translate each ip address one by
one (except the one I don't want translated) but I was hoping there
would be some way of doing this without 253 lines in my ipnat.conf file.
But I guess that's not really so bad.  I was just thinking that maybe
the longer your ipnat.conf file is, the potentially slower the
router????

Amir Nazary
Manager, Infrastructure
Pacific Corporate Trust Company
anazary@pctc.com
www.pctc.com
Tel:  (604) 691-7375
Fax: (604) 689-8144
-----Original Message-----
From: netbsd-users-owner@NetBSD.org
[mailto:netbsd-users-owner@NetBSD.org] On Behalf Of Julian Coleman
Sent: Monday, August 02, 2004 4:36 AM
To: NetBSD netbsd-users mailing list
Subject: Re: IPNAT

> Should I be posting this elsewhere?  I have gotten zero responses thus far...

This usually means that no-one has the answer.  This list or maybe netbsd-help should be OK.

> Using ipnat, I am translating a block of private addresses in a /24 subnet to a single address (the external address is still private and goes into another router that nat's to a public address).  That works just fine.  Now, I want to be able to skip natting a single IP address in that block so that it gets forwarded normally, and not translated.  Is this possible?

(I don't use NAT myself, so this is my best guess.)

I assume you have something like:

  map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.0/24 -> 0/32

in your existing ipnat.conf to map the whole 192.168.0.0/24 block outgoing on interface fxp0.  It looks like you might be able to add the specific entries before this.  Something like:

  map fxp0 192.168.0.120/32 -> 192.168.0.120/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.120/32 -> 192.168.0.120/32
  map fxp0 192.168.0.0/24 -> 0/32 portmap tcp/udp 10000:40000
  map fxp0 192.168.0.0/24 -> 0/32

might stop 192.168.0.120 from being translated.  If not, you'll need to
construct lines such that the one IP address is left out.  For the above
(missing out the portmap ... lines):

  map fxp0 192.168.0.0/26 -> 0/32	#   0 -  63
  map fxp0 192.168.0.64/27 -> 0/32	#  64 -  95
  map fxp0 192.168.0.96/28 -> 0/32	#  96 - 111
  map fxp0 192.168.0.112/29 -> 0/32	# 112 - 119

  map fxp0 192.168.0.121/32 -> 0/32	#    121
  map fxp0 192.168.0.122/32 -> 0/32	#    122
  map fxp0 192.168.0.123/32 -> 0/32	#    123
  map fxp0 192.168.0.124/30 -> 0/32	# 124 - 127
  map fxp0 192.168.0.128/25 -> 0/32	# 128 - 255

J

-- 
  My other computer also runs NetBSD    /        Sailing at Newbiggin
        http://www.netbsd.org/        /    http://www.newbigginsailingclub.org/
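Added example, not part of this thread: a small Python script that does the carving Julian describes by hand, computing the minimal set of CIDR blocks that cover a network minus one host and printing the matching ipnat map lines. The interface, prefix, excluded host and portmap range are the ones from the messages above; the function names are my own.

```python
import ipaddress


def exclude_blocks(network, excluded):
    """CIDR blocks that together cover `network` minus the host `excluded`.

    ipaddress.address_exclude() does the carving and returns the minimal set
    of aligned prefixes, so .121, .122 and .123 come out as .121/32 and .122/31
    rather than three /32 lines.
    """
    net = ipaddress.ip_network(network)
    host = ipaddress.ip_network(excluded)  # a bare address becomes a /32
    if not host.subnet_of(net):
        raise ValueError(f"{excluded} is not inside {network}")
    return sorted(net.address_exclude(host))


def ipnat_map_lines(interface, network, excluded, portmap=None):
    """Emit one ipnat 'map' rule per block, commented with the last-octet range.

    With `portmap` set, the rule carries the 'portmap tcp/udp LOW:HIGH' clause
    as in the thread; call once with and once without it to get both sets.
    """
    net = ipaddress.ip_network(network)
    base = int(net.network_address)
    suffix = f" portmap tcp/udp {portmap}" if portmap else ""
    lines = []
    for block in exclude_blocks(network, excluded):
        lo = int(block.network_address) - base      # offset of first host in block
        hi = lo + block.num_addresses - 1           # offset of last host in block
        lines.append(f"map {interface} {block} -> 0/32{suffix}\t# {lo:3d} - {hi:3d}")
    return lines


if __name__ == "__main__":
    # Values from the thread: fxp0, 192.168.0.0/24, skip 192.168.0.120.
    for line in ipnat_map_lines("fxp0", "192.168.0.0/24", "192.168.0.120", "10000:40000"):
        print(line)
    for line in ipnat_map_lines("fxp0", "192.168.0.0/24", "192.168.0.120"):
        print(line)
```

The output is eight blocks per rule set (one fewer than the hand-built list above, since .122 and .123 collapse into a /31), and none of them contains the excluded host.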