Re: ipnat problem with two LAN networks

To: Frank Wille <frank%phoenix.owl.de@localhost>
Subject: Re: ipnat problem with two LAN networks
From: Dave B <spam%y2012.dberg.net@localhost>
Date: Tue, 24 Jan 2012 19:25:24 -0500

On Tue, Jan 24, 2012 at 05:04:56PM +0100, Frank Wille wrote:
> On Tue, 24 Jan 2012 16:14:22 +0100
> Rhialto <rhialto%falu.nl@localhost> wrote:
...
> > Maybe you can use some "fast" rules before the "map" rules in the hope
> > that they get processed first... but I wouldn't count on it.
> 
> But which? My problem is that I cannot even think of a rule which can
> help me in this case. There is no "exclude" rule.

  To be thorough and attempt to answer that question: it might be
possible to achieve exclusion, albeit inelegantly, by explicitly
listing all translation-needed addresses--using bitmasks(*) to make
the list manageably-sized, as below--and purposely calculating the
192.168.x.x network not to be in the list.

  On the other hand, I've never tried this idea myself and I don't
know if it works or if the snippet is even syntactically correct.
I also doubt it's truly a proper solution for various reasons;
e.g., it's sloppy about still including ranges that it maybe
shouldn't (169.x.x.x?).  Not to mention, it's hard to understand; I
had to work everything out in binary.

  In any case,

> map vr0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000

    except 192.168.0.0/16...

  becomes

map vr0 from 10.0.0.0/24 to 0.0.0.0/1 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 128.0.0.0/2 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.0.0.0/9 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.128.0.0/11 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.160.0.0/13 -> 0/32 portmap tcp/udp 40000:60000
# exclude this one:
#map vr0 from 10.0.0.0/24 to 192.168.0.0/16 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.169.0.0/16 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.170.0.0/15 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.172.0.0/14 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.176.0.0/12 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 192.192.0.0/10 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 193.0.0.0/8 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 194.0.0.0/7 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 196.0.0.0/6 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 200.0.0.0/5 -> 0/32 portmap tcp/udp 40000:60000
map vr0 from 10.0.0.0/24 to 208.0.0.0/4 -> 0/32 portmap tcp/udp 40000:60000
# multicasts can't be generically NAT'ed, can they?:
#map vr0 from 10.0.0.0/24 to 224.0.0.0/3 -> 0/32 portmap tcp/udp 40000:60000

> map vr0 10.0.0.0/24 -> 0/32

  and something similar may have to be done for the above one, too.

Cheers,  --Dave B.
Boston, MA

(*) I think something like this was already proposed on a NetBSD
list a few years ago, although I didn't search for it to double
check.

Follow-Ups:
- Re: ipnat problem with two LAN networks
  - From: Frank Wille

References:
- ipnat problem with two LAN networks
  - From: Frank Wille
- Re: ipnat problem with two LAN networks
  - From: Rhialto
- Re: ipnat problem with two LAN networks
  - From: Frank Wille

Prev by Date: Re: X server for Cirrus Logic CL-GD5434
Next by Date: Re: Embedded NetBSD USB
Previous by Thread: Re: ipnat problem with two LAN networks
Next by Thread: Re: ipnat problem with two LAN networks
Indexes:

Home | Main Index | Thread Index | Old Index