
Re: NAT negation



At 11:20 AM 7/25/2002 -0500, you wrote:
>That was actually a typo on my behalf. I meant { ! 1.2.3.4/32, !
>1.2.3.6/32 } like you said as well, however this has not worked for me
>either. In fact, when I use that syntax, neither IP is excluded.
>
>--Chris
>
>On Thu, Jul 25, 2002 at 10:59:00PM +0200, Claudio Jeker wrote:
>> On Thu, Jul 25, 2002 at 10:13:54 -0500, Chris Wage wrote:
>> > Hi, I have a question regarding the negation (!) operator's use.
>> >
>> > I have been trying for some time now to figure out a way to exclude
>> > more than one host from redirection in NAT and failing.
>> >


Trying to stay in the conversational thread here.

Looking at the BNF for 3.1 nat.conf in the manpage why not do a:

no rdr on dc1 proto tcp from any to { 1.2.3.4/32, 1.2.3.6/32 } port 21
rdr on dc1 proto tcp from any to any port 21 -> 127.0.0.1 port 8081



The manpage says: "Rules prefixed with "no" lead to no translation.  Such
rules can be used to exclude certain connections from being translated."

I hope I'm interpreting it correctly, didn't have a chance to test, but
this may be what you're looking for.

Signing off, 

Joseph C. Bender
benderjc (at) benderhome.net   ;   jcbender (at) benderhome.net
This account is used primarily for reading and responding to mailing list
traffic and is not my main mailing address.
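
The difference between the two rule forms discussed in this thread, as an added example that is not part of the original message. It is a small Python model, not pf code, and it assumes that pfctl expands a brace list into one rule per element and that translation rules are first-match; the helper names and the sample address 1.2.3.5 are constructed for illustration.

```python
import ipaddress

# Model (assumption, based on documented pf behaviour): pfctl expands a
# brace list into one rule per element, and translation rules are
# first-match: the first rule that matches decides the outcome.

def expand(action, dsts, port=21):
    """Expand a { ... } destination list into one rule per element."""
    rules = []
    for d in dsts:
        negate = d.startswith("!")
        spec = d.lstrip("! ")
        net = ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)
        rules.append((action, negate, net, port))
    return rules

def evaluate(rules, dst, port=21):
    """Return 'rdr' if the connection is redirected, else 'none'."""
    addr = ipaddress.ip_address(dst)
    for action, negate, net, rport in rules:
        # A negated entry matches every address outside the network.
        if rport == port and ((addr in net) != negate):
            return "rdr" if action == "rdr" else "none"
    return "none"

# Form from the quoted message: negated entries inside one list.
# It expands to "rdr ... to !1.2.3.4" and "rdr ... to !1.2.3.6".
NEGATED_LIST = expand("rdr", ["!1.2.3.4/32", "!1.2.3.6/32"])

# Form suggested in the reply: explicit exclusion first, then the catch-all.
NO_RDR_FIRST = (expand("no rdr", ["1.2.3.4/32", "1.2.3.6/32"])
                + expand("rdr", ["any"]))

def report(rules):
    # Constructed sample destinations; 1.2.3.5 stands for "everything else".
    return {ip: evaluate(rules, ip) for ip in ("1.2.3.4", "1.2.3.5", "1.2.3.6")}

if __name__ == "__main__":
    print("negated list :", report(NEGATED_LIST))
    print("no rdr first :", report(NO_RDR_FIRST))
```

In the negated-list form each excluded host is still matched by the other host's negated rule, so both are redirected; with the "no rdr" rule placed first, only the remaining destinations reach the redirect.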


