[ On Wednesday, March 13, 2002 at 17:15:31 (-0500), Todd Vierling wrote: ]
> Subject: Re: MSS clamping proposal
>
> How would I do the above for an entire internal network (without one line
> per internal IP)?
> 
> Meaning, there's a network such as:
> 
> 12.34.56.78/24 - external IP of router
> 12.34.77.1/28 - internal IP of router
> 12.34.77.[2-14]/28 - internal IPs of systems
> 
> Would I have to put a map line for each one of the IPs 12.34.77.2 through
> 12.34.77.14?  Or is there a way to do this so the entire /28 gets covered
> in one entry, without rewriting any addresses or ports?

I don't see any reason why a whole new "ipmap" keyword couldn't be
introduced.  Just because some feature is in the NAT code doesn't mean
the configuration language has to hide it under an existing
configuration item.

How about something like this extension to the grammar:

	ipmap ::= mapblock | redir | map | mssclamp .

	mssclamp ::= "mssclamp" ifname "mss" mssvalue .
	mssvalue ::= decnumber | "if_mtu" .

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>