Subject: Re: ipnat and netmask
To: Patrick Welche <prlw1@newn.cam.ac.uk>
From: Quentin Garnier <cube@cubidou.net>
List: tech-net
Date: 08/29/2005 15:24:13

On Mon, Aug 29, 2005 at 02:21:37PM +0100, Patrick Welche wrote:
> From ipnat -l, I have
>
> map ex1 192.168.0.0/24 -> x.y.z.1/32 proxy port ftp ftp/tcp
> map ex1 192.168.0.0/24 -> x.y.z.1/32 portmap tcp/udp 10000:65000
> map ex1 192.168.0.0/24 -> x.y.z.1/32
> bimap ex1 192.168.0.180/32 -> x.y.z.180/32 proxy port ftp ftp/tcp
>
> yet, when I ssh out from 192.168.200.180, finger prlw1 tells me I am
> connecting from x.y.z.1 rather than x.y.z.180.
>
> According to the rules /32 should take precedence over /24, so what is
> wrong?

Nothing.  ipnat works in a "first-match" way, contrary to ipf.

-- 
Quentin Garnier - cube@cubidou.net - cube@NetBSD.org
"When I find the controls, I'll go where I like, I'll know where I want
to be, but maybe for now I'll stay right here on a silent sea."
KT Tunstall, Silent Sea, Eye to the Telescope, 2004.
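
The first-match behaviour described in the reply above, as an added example that is not part of the original message or of IPFilter: a small Python model that evaluates the quoted rule list first-match and last-match and flags rules hidden behind an earlier, broader one. Assumptions: matching is on source prefix only (the proxy/portmap qualifiers are ignored), the host tested is 192.168.0.180 from the bimap rule, and 203.0.113.1 / 203.0.113.180 are constructed stand-ins for the elided x.y.z.1 / x.y.z.180.

```python
import ipaddress

# Rules in the order `ipnat -l` printed them in the quoted post. Constructed
# stand-ins: the post elides the public addresses as x.y.z.1 / x.y.z.180, so
# 203.0.113.1 / 203.0.113.180 (RFC 5737 documentation range) are used here.
RULES = [
    ("map",   "192.168.0.0/24",   "203.0.113.1"),    # proxy port ftp ftp/tcp
    ("map",   "192.168.0.0/24",   "203.0.113.1"),    # portmap tcp/udp
    ("map",   "192.168.0.0/24",   "203.0.113.1"),
    ("bimap", "192.168.0.180/32", "203.0.113.180"),  # proxy port ftp ftp/tcp
]


def matches(rule, src):
    """Simplified model (assumption): a rule matches on source prefix only."""
    return ipaddress.ip_address(src) in ipaddress.ip_network(rule[1])


def first_match(rules, src):
    """ipnat-style: the first rule that matches decides the translation."""
    return next((r[2] for r in rules if matches(r, src)), None)


def last_match(rules, src):
    """ipf-style (no `quick`): the last rule that matches decides."""
    return next((r[2] for r in reversed(rules) if matches(r, src)), None)


def shadowed(rules):
    """Return (index, covering_index) for each rule that first-match never
    reaches because an earlier rule with a different target contains it."""
    out = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule[1])
        for j in range(i):
            other = ipaddress.ip_network(rules[j][1])
            if net.subnet_of(other) and rules[j][2] != rule[2]:
                out.append((i, j))
                break
    return out


if __name__ == "__main__":
    host = "192.168.0.180"  # the bimap'd host from the rule set
    print("first-match:", first_match(RULES, host))
    print("last-match: ", last_match(RULES, host))
    print("shadowed:   ", shadowed(RULES))
    reordered = [RULES[3]] + RULES[:3]  # /32 bimap moved ahead of the /24 maps
    print("bimap first:", first_match(reordered, host), shadowed(reordered))
```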
