Subject: Re: Question about ipf and ipnat
To: None <firstname.lastname@example.org, email@example.com>
From: Henry B. Hotz <firstname.lastname@example.org>
Date: 10/08/2001 10:16:52
At 10:08 PM -0700 10/7/01, Seth Kurtzberg wrote:
>I haven't been able to determine exactly how to construct the input rules,
>however. Do I use the translated address on the filter rules?
>For the corresponding input filter rule, do I use:
> pass in from any to 220.127.116.11/32 port = 80 group 100
>or should I be using:
> pass in from any to 192.168.1.3/32 port = 80 group 100
NAT is done first. Use the second rule.
I have a redirect to an HP JetDirect interface on a two-node "LAN"
and found this out the hard way. ;-) It's actually documented
somewhere in one of the FAQ's or something.
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or email@example.com