[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nat.conf to NAT or not to NAT.

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: nat.conf to NAT or not to NAT.
From: "Peter Strömberg" <peters_(_at_)_telia_(_dot_)_net>
Date: Fri, 26 Oct 2001 13:53:40 +0200
Organization: Telia Carrier & Networks

On 26 Oct 2001 at 9:50, Jan Johansson wrote:

> Hi,
> 
> I have tried to understand the nat.conf man page but I can figure
> out how to do this.
> 
> We have a number of "black" nets and three routable. I would like
> to have the black nets NATed when we go outside our gateway
> router but not inside.
> 
> Connection is like.
> 
> Internet <-> Cisco <-> Routable ips <-> Gateway <-> black nets
> 
> Gateway has 17 interfaces, 1 with routable ip and 16 different
> black nets.
> 
> So, would the rules be like
> 
> our_nets={ 128.10.10.1/24, 128.10.11.1/24, 192.168.13.1/24 }
> 
> nat on if1 ! our_nets from 192.168.1.0/24 to any ->
> 128.10.10.4/32

Internal traffic will never go out on your external interface unless 
your
routing is really screwed up.

You just need to specify your private addresses in the nat rule:

$extif="if"
$extip="128.10.10.4"
nat on $extif from 192.168.1.0/24 to any -> $extip

/Peter

Prev by Date: RE: Kernel build request: GENERIC 3.0-current with 4 tun devices.
Next by Date: dmz questions
Previous by thread: RE: Kernel build request: GENERIC 3.0-current with 4 tun devices.
Next by thread: Re: nat.conf to NAT or not to NAT.
Index(es):
- Date
- Thread

Visit your host, monkey.org