Subject: Re: MSS clamping proposal
To: Darren Reed <darrenr@reed.wattle.id.au>
From: Todd Vierling <tv@wasabisystems.com>
List: tech-kern
Date: 03/13/2002 17:15:31
On Thu, 14 Mar 2002, Darren Reed wrote:

: > : I verified that you can do 1:1 NATs and clamp thereby, without actually
: > : touching IP addresses:
: > :
: > : List of active MAP/Redirect filters:
: > : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  portmap tcp/udp 40000:42999 mssclamp 1452
: > : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  mssclamp 1452

: You should have actually read his entire email then, which pointed out
: that "portmap" wasn't needed and was pretty much only there because he
: was too lazy to remove it (or some such).

How would I do the above for an entire internal network (without one line
per internal IP)?

Meaning, there's a network such as:

12.34.56.78/24 - external IP of router
12.34.77.1/28 - internal IP of router
12.34.77.[2-14]/28 - internal IPs of systems

Would I have to put a map line for each one of the IPs 12.34.77.2 through
12.34.77.14?  Or is there a way to do this so the entire /28 gets covered
in one entry, without rewriting any addresses or ports?

I'm trying to apply this to a static-IP internal LAN which has real routed
IPs, which is precisely the situation I'll be in when I switch from cable
modem (where I'm using NAT) to DSL (where I can get a routable netblock, but
may be subject to MSS bogosity).

-- 
-- Todd Vierling <tv@wasabisystems.com>  *  Wasabi & NetBSD:  Run with it.
-- CDs, Integration, Embedding, Support -- http://www.wasabisystems.com/
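For readers unfamiliar with what the `mssclamp 1452` keyword in the quoted map rules actually does to traffic, the following Python is an added illustration of the mechanism, written for this page and not part of the original thread or of ipfilter itself. It builds a constructed TCP SYN advertising MSS 1460, rewrites the MSS option down to 1452 (the 1492-byte PPPoE MTU minus 20 bytes of IP and 20 bytes of TCP header) the way a clamping router would, and recomputes the TCP checksum so the segment stays valid. The addresses are taken from the thread as sample values only; it uses nothing beyond the standard library and says nothing about ipfilter's rule syntax.

```python
import struct

TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_MSS = 2
TCP_FLAG_SYN = 0x02


def checksum(data: bytes) -> int:
    """Internet one's-complement checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """TCP checksum including the IPv4 pseudo-header (protocol 6)."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return checksum(pseudo + segment)


def verify_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """A segment whose checksum field is correct sums to zero."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def build_syn(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, mss: int) -> bytes:
    """Constructed SYN with a single MSS option and a valid checksum."""
    options = struct.pack("!BBH", TCP_OPT_MSS, 4, mss)
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, 1, 0,
                         data_offset << 4, TCP_FLAG_SYN, 65535, 0, 0)
    segment = header + options
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def read_mss(segment: bytes):
    """Return the MSS option value, or None if the segment carries none."""
    data_offset = (segment[12] >> 4) * 4
    opts = segment[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            return None
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            return None  # truncated or malformed option list
        if kind == TCP_OPT_MSS and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None


def clamp_mss(src_ip: bytes, dst_ip: bytes, segment: bytes, max_mss: int):
    """Clamp the MSS option of a SYN to max_mss; return (segment, original_mss).

    Non-SYN segments, segments without MSS, and MSS values already at or
    below the limit pass through untouched, as a clamping router would do.
    """
    if not segment[13] & TCP_FLAG_SYN:
        return segment, None
    old = read_mss(segment)
    if old is None or old <= max_mss:
        return segment, old
    data_offset = (segment[12] >> 4) * 4
    new = bytearray(segment)
    i = 20
    while i < data_offset:  # locate the MSS option again and overwrite its value
        kind = new[i]
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if kind == TCP_OPT_MSS:
            new[i + 2:i + 4] = struct.pack("!H", max_mss)
            break
        i += new[i + 1]
    new[16:18] = b"\x00\x00"  # zero the checksum field before recomputing
    new[16:18] = struct.pack("!H", tcp_checksum(src_ip, dst_ip, bytes(new)))
    return bytes(new), old


if __name__ == "__main__":
    src, dst = bytes([12, 34, 77, 2]), bytes([217, 0, 156, 252])
    syn = build_syn(src, dst, 40000, 80, 1460)
    clamped, original = clamp_mss(src, dst, syn, 1452)
    print("MSS %d -> %d, checksum ok: %s" %
          (original, read_mss(clamped), verify_checksum(src, dst, clamped)))
```

Only the SYN (and SYN/ACK) carry the option, so a clamp at the router changes just the handshake; every later segment is sized by the end hosts from the value they negotiated, which is why a one-line rule on the border interface is enough to sidestep path-MTU blackholes for a whole LAN behind it.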