Subject: Re: problems with route-firewall
To: Steve Woodford <scw@wasabisystems.com>
From: jandemore <jdomingo@acidh.org>
List: tech-net
Date: 07/30/2002 14:35:37
Thank you very much. Perfect, exactly, the routes are OK and we have
minimized the ping time extraordinarily. Now all LANs are connected to the
internet faster!!

Jandemore & Rtor

----- Original Message -----
From: "Steve Woodford" <scw@wasabisystems.com>
To: "jandemore" <jdomingo@acidh.org>
Cc: <tech-net@netbsd.org>
Sent: Wednesday, July 31, 2002 2:04 PM
Subject: Re: problems with route-firewall


> On Tue, 30 Jul 2002, jandemore wrote:
>
> > We have a firewall running in NetBSD with 4 ethernet cards.
> > The first one (with the IP 200.200.1.150) is connected to ADSL router
> > (with IP 200.200.1.1)
> > The second one (10.1.1.1) to a LAN (10.1.0.0)
> > The third one (10.2.1.1) to a LAN (10.2.0.0)
> > The second one (10.3.1.1) to a LAN (10.3.0.0)
>
> Your ipnat.conf can be simplified to just three rules:
>
>   #
>   # fxp0 - (external) connection to ISP, address 200.200.1.150/32
>   #
>   map fxp0 10.0.0.0/8 -> 200.200.1.150/32 proxy port ftp ftp/tcp
>   map fxp0 10.0.0.0/8 -> 200.200.1.150/32 portmap tcp/udp auto
>   map fxp0 10.0.0.0/8 -> 200.200.1.150/32
>
> That's all you need in order to NAT your internal address space to your
> single ISP assigned address.
>
> Replace "auto" with 20000:65000 (or whatever) if you want manual control
> over the port reassignments.
>
> Cheers, Steve
>
> --
>
> Wasabi Systems Inc. - The NetBSD Company - http://www.wasabisystems.com/
>
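
The following is an added example, not part of the original thread: a small check that every internal LAN is covered by a `map` rule on the external interface and that the rules keep the order shown in the reply (ipnat applies the first matching rule, so the FTP proxy and `portmap` rules must precede the plain `map`). The /16 netmasks for the three LANs and the names `parse_maps` and `lint` are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed sample: the three rules from the reply, plus the LANs from the
# question; the /16 netmasks are assumed, the thread does not state them.
SAMPLE_CONF = """\
# fxp0 - (external) connection to ISP
map fxp0 10.0.0.0/8 -> 200.200.1.150/32 proxy port ftp ftp/tcp
map fxp0 10.0.0.0/8 -> 200.200.1.150/32 portmap tcp/udp auto
map fxp0 10.0.0.0/8 -> 200.200.1.150/32
"""
LANS = ["10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"]
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s*(.*)$")
RANK = {"proxy": 0, "portmap": 1, "plain": 2}  # most specific kind first

def parse_maps(text):
    """Return (ifname, source net, target net, kind) for each map rule."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = MAP_RE.match(line)
        if not m:
            continue
        ifname, src, dst, opts = m.groups()
        kind = next((k for k in ("proxy", "portmap") if opts.startswith(k)),
                    "plain")
        rules.append((ifname, ipaddress.ip_network(src),
                      ipaddress.ip_network(dst), kind))
    return rules

def lint(text, lans, ext_if="fxp0"):
    """Check LAN coverage and first-match ordering; return a list of findings."""
    rules = [r for r in parse_maps(text) if r[0] == ext_if]
    findings = []
    for lan in map(ipaddress.ip_network, lans):
        if not any(lan.subnet_of(r[1]) for r in rules):
            findings.append(f"{lan} is not covered by any map rule on {ext_if}")
    for i, earlier in enumerate(rules):
        for later in rules[i + 1:]:
            # First match wins: a broader kind listed first shadows a more
            # specific kind for the same (or a contained) source network.
            if later[1].subnet_of(earlier[1]) and RANK[later[3]] < RANK[earlier[3]]:
                findings.append(f"{later[3]} rule for {later[1]} is shadowed "
                                f"by earlier {earlier[3]} rule for {earlier[1]}")
    return findings
```

`lint(SAMPLE_CONF, LANS)` returns an empty list for the rules as posted; moving the plain `map` line to the top produces a shadowing finding for each rule below it.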