Re: npf and multiple maps based on destination address

To: Harry Waddell <waddell%caravaninfotech.com@localhost>
Subject: Re: npf and multiple maps based on destination address
From: Mindaugas Rasiukevicius <rmind%netbsd.org@localhost>
Date: Mon, 16 Mar 2015 00:47:43 +0000

Harry Waddell <waddell%caravaninfotech.com@localhost> wrote:
> 
> I'm trying to have npf ( on the latest netbsd 7 beta ) 
> map address onto either an internal dmz network based on the
> destination address being in a fairly large table ( several hundred
> entries ) or map to the WAN address otherwise, e.g. as 
> 
> map vlan200 dynamic $mesh_nattable -> 10.8.200.1 pass from $mesh_nattable
> to <ngroutes> map $wan_if dynamic $wan_nattable -> $wan_if
> 
> Since there's nothing in the syntax to indicate one can do a "map final",
> would something like this work and if so, which rule would get used, the
> first, the last, the most specific? Since this isn't in a group, I'm not
> sure how or if this will work at all. 

Yes, that would work.  Currently, map rules behave as "final" by default,
so you have a first-match.  It is debatable what should be the default and
it could be made configurable via the extended "pass" syntax.

In any case, I should document this.

-- 
Mindaugas

Follow-Ups:
- Re: npf and multiple maps based on destination address
  - From: Harry Waddell

References:
- npf and multiple maps based on destination address
  - From: Harry Waddell

Prev by Date: Coping with "inoinfo: inumber <n> out of range"?
Next by Date: [HEADS-UP] pkgsrc-2015Q1 freeze is now on
Previous by Thread: npf and multiple maps based on destination address
Next by Thread: Re: npf and multiple maps based on destination address
Indexes:

Home | Main Index | Thread Index | Old Index