Subject: Re: Ipnat problem
To: Jean-Edouard BABIN <listes@jeb.com.fr>
From: Frederick Bruckman <fredb@immanent.net>
List: port-i386
Date: 12/28/2001 15:28:32

On Fri, 28 Dec 2001, Jean-Edouard BABIN wrote:

> I have tried this in /etc/ipnat.conf :
>
> map tl0 192.168.0.0/24 -> 62.2.186.251/32

What this does is that every packet that goes out on tl0 with a source
address of 192.168.0.x will have that source address re-written to
62.2.186.251...

> map tl0 192.168.0.0/24 -> 62.2.186.251/32 proxy port ftp ftp/tcp
> map tl0 192.168.0.0/24 -> 62.2.186.251/32 portmap tcp/udp 1025:65535

...so these rules never get reached for any particular packet.

> (then I did ipnat -f /etc/ipnat.conf)
>
> And this does not work, but I don't know if I can do that because 192.168.0.1 is
> an alias:

You only have one interface on the NAT box? That makes it very difficult
or impossible to use NAT. With the rules above, which would be the
natural way to use NAT with two interfaces (if tl0 were the external
interface), you will be re-writing the source address of every outgoing
packet from the NAT host, even packets from 192.168.0.1 to 192.168.0.2!

> tl0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:80:5f:35:55:67
>         media: Ethernet autoselect (10baseT)
>         status: active
>         inet 62.2.186.251 netmask 0xffffff80 broadcast 255.255.255.255
>         inet alias 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>
> And I want to access the net from a computer with ip 192.168.0.2

Try this:

map tl0 192.168.0.2/32 -> 62.2.186.251/32 proxy port ftp ftp/tcp
map tl0 192.168.0.2/32 -> 62.2.186.251/32 portmap tcp/udp 1025:65535
map tl0 192.168.0.2/32 -> 62.2.186.251/32

Frederick
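
The ordering problem described in the message above can be checked mechanically. The following is an added example, not part of the original message or of IPFilter: a small Python lint that flags `map` rules sitting behind an earlier unqualified `map` on the same interface and source range, assuming the first-match behaviour the reply describes. The function names are hypothetical, and the two rule sets are the ones quoted in the message.

```python
import ipaddress

# Rule sets copied from the message: the original order and the suggested order.
ORIGINAL = """\
map tl0 192.168.0.0/24 -> 62.2.186.251/32
map tl0 192.168.0.0/24 -> 62.2.186.251/32 proxy port ftp ftp/tcp
map tl0 192.168.0.0/24 -> 62.2.186.251/32 portmap tcp/udp 1025:65535
"""
SUGGESTED = """\
map tl0 192.168.0.2/32 -> 62.2.186.251/32 proxy port ftp ftp/tcp
map tl0 192.168.0.2/32 -> 62.2.186.251/32 portmap tcp/udp 1025:65535
map tl0 192.168.0.2/32 -> 62.2.186.251/32
"""

def parse_map(line):
    """Parse 'map IFACE SRC/len -> DST/len [options]'; return None for other lines."""
    tok = line.split("#", 1)[0].split()
    if len(tok) < 5 or tok[0] != "map" or tok[3] != "->":
        return None
    return {"iface": tok[1],
            "src": ipaddress.ip_network(tok[2], strict=False),
            "opts": tok[5:]}

def covers(earlier, later):
    """True if the earlier rule takes every packet the later rule could match.

    Simplification: only an unqualified map (no proxy/portmap options) is
    treated as matching all protocols and ports.
    """
    return (earlier["iface"] == later["iface"]
            and later["src"].subnet_of(earlier["src"])
            and not earlier["opts"])

def shadowed_rules(conf_text):
    """Return (shadowed_line, shadowing_line) pairs under first-match evaluation."""
    seen, hits = [], []
    for no, line in enumerate(conf_text.splitlines(), 1):
        rule = parse_map(line)
        if rule is None:
            continue
        for prev_no, prev in seen:
            if covers(prev, rule):
                hits.append((no, prev_no))
                break
        seen.append((no, rule))
    return hits

if __name__ == "__main__":
    print("original :", shadowed_rules(ORIGINAL))
    print("suggested:", shadowed_rules(SUGGESTED))
```
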