npf and multiple maps based on destination address

To: netbsd-users%netbsd.org@localhost
Subject: npf and multiple maps based on destination address
From: Harry Waddell <waddell%caravaninfotech.com@localhost>
Date: Sat, 14 Mar 2015 23:50:07 -0700

I'm trying to have npf ( on the latest netbsd 7 beta ) 
map address onto either an internal dmz network based on the
destination address being in a fairly large table ( several hundred entries ) or map
to the WAN address otherwise, e.g. as 

map vlan200 dynamic $mesh_nattable -> 10.8.200.1 pass from $mesh_nattable to <ngroutes>
map $wan_if dynamic $wan_nattable -> $wan_if

Since there's nothing in the syntax to indicate one can do a "map final", would something
like this work and if so, which rule would get used, the first, the last, the most specific?
Since this isn't in a group, I'm not sure how or if this will work at all. 

I have this working in ipfilter using a script that makes a very, very
long ipnat.conf file, but I'd like to try and use npf now so I'd appreciate any pointers. 

Thanks. 

Harry Waddell

Follow-Ups:
- Re: npf and multiple maps based on destination address
  - From: Mindaugas Rasiukevicius

Prev by Date: Re: using gcc -w
Next by Date: Coping with "inoinfo: inumber <n> out of range"?
Previous by Thread: net.inet.tcp.tso=0
Next by Thread: Re: npf and multiple maps based on destination address
Indexes:

Home | Main Index | Thread Index | Old Index