Subject: Re: Firewalling made difficult
To: None <prlw1@cam.ac.uk>
From: Paul B Dokas <dokas@cs.umn.edu>
List: tech-net
Date: 08/04/1999 08:40:25
On Wed, 4 Aug 1999, Patrick Welche wrote:
> 
> In other words these 5 ip addresses are real, so why bother with ipnat?
> Will something like
>   pass in quick on outside_iface from any to realip/mask_for_block

The 4 machines inside with "real" IP addresses need to peacefully coexist
with a bunch of machines with IPs in 10.0.0.0/8.  I'd really rather not
deal with the routing magic that I'd have to create to make that work.

> as an ipf filter rule with similar for outbound do? And maybe see what
> "fastroute" does? As you can see, I'm not very good at this business either!

As I mentioned in a followup to my own email, the undocumented ipnat
directive "bimap" looks like the answer.

Paul
--
Paul Dokas                                            dokas@cs.umn.edu
======================================================================
Don Juan Matus:  "an enigma wrapped in mystery wrapped in a tortilla."