Subject: Re: MSS clamping proposal
To: Todd Vierling <tv@wasabisystems.com>
From: Andrew Gillham <gillham@vaultron.com>
List: tech-kern
Date: 03/13/2002 14:05:56
On Wed, Mar 13, 2002 at 04:42:08PM -0500, Todd Vierling wrote:
> On Wed, 13 Mar 2002, Martin Husemann wrote:
> 
> : I verified that you can do 1:1 NATs and clamp thereby, without actually
> : touching IP addresses:
> :
> : List of active MAP/Redirect filters:
> : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  portmap tcp/udp 40000:42999 mssclamp 1452
> : map pppoe0 217.0.156.252/32  -> 217.0.156.252/32  mssclamp 1452
> 
> The presence of `portmap' means that you're still fiddling with port
> numbers, even if the IP address of the machine does not change.  Plus, given
> the configuration above, you'd have to have multiple rules for every single
> machine behind the gateway, rather than just saying "connections through
> interface foo0 need mssclamping".  This is still biased to NATted machines.
> 
> Again, it doesn't belong in NAT unless you can come up with a map rule that
> allows addresses and port of multiple real-IP machines to pass through
> untouched.

Would the following work?
bimap pppoe0 217.0.156.0/24  -> 217.0.156.0/24  mssclamp 1452

-Andrew
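What the `mssclamp 1452` keyword in the rules above does to a packet, as an added illustration that is not code from this thread or from IPFilter: the MSS option of a TCP SYN is lowered to 1452 and the TCP checksum is recomputed, while non-SYN, non-TCP and already-small segments pass untouched. The SYN builder, the 217.0.156.252 address from the thread and the 198.51.100.1 peer are constructed sample input.

```python
import struct

# 1452, the value in the thread: 1500-byte Ethernet MTU minus 8 bytes of
# PPPoE/PPP framing, minus 20-byte IPv4 and 20-byte TCP headers.
PPPOE_MSS = 1452

def inet_csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    data += b"\0" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_csum(ip_hdr: bytes, tcp: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header (src, dst, 0, proto 6, length)."""
    return inet_csum(ip_hdr[12:20] + struct.pack("!BBH", 0, 6, len(tcp)) + tcp)

def clamp_mss(packet: bytes, mss: int = PPPOE_MSS) -> bytes:
    """Lower the MSS option of a TCP SYN inside an IPv4 packet to at most mss."""
    ihl = (packet[0] & 0x0F) * 4
    tcp = bytearray(packet[ihl:])
    if packet[9] != 6 or len(tcp) < 20 or not tcp[13] & 0x02:  # only TCP SYN carries MSS
        return packet
    doff, i, changed = (tcp[12] >> 4) * 4, 20, False
    while i < doff and tcp[i] != 0:             # option kind 0 ends the list
        if tcp[i] == 1:                         # kind 1 is a one-byte NOP
            i += 1
            continue
        length = tcp[i + 1] if i + 1 < doff else 0
        if length < 2 or i + length > doff:     # malformed option list: leave it alone
            return packet
        if tcp[i] == 2 and length == 4 and struct.unpack_from("!H", tcp, i + 2)[0] > mss:
            struct.pack_into("!H", tcp, i + 2, mss)
            changed = True
        i += length
    if not changed:
        return packet
    tcp[16:18] = b"\0\0"                        # zero the field, then recompute
    struct.pack_into("!H", tcp, 16, tcp_csum(packet, bytes(tcp)))
    return packet[:ihl] + bytes(tcp)

def build_syn(mss: int) -> bytes:
    """Constructed sample: IPv4 SYN from 217.0.156.252 with a single MSS option."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 6 << 4, 0x02, 8192, 0, 0)
    tcp += struct.pack("!BBH", 2, 4, mss)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([217, 0, 156, 252]), bytes([198, 51, 100, 1]))  # IP csum left 0
    return ip + tcp[:16] + struct.pack("!H", tcp_csum(ip, tcp)) + tcp[18:]
```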