[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Limited bidirectional NAT
From:       per+ipfilter () bluetail ! com (Per Hedeland)
Date:       2002-01-30 16:07:22
[Download RAW message or body]

Darren Reed <darrenr@reed.wattle.id.au> wrote:
>In some email I received from per+ipfilter@bluetail.com, sie wrote:
>> 
>> Well, it seems the answer to that is "No, it works only for TCP as
>> given" - appending "tcp/udp" makes it work for UDP too, but still not
>> for ICMP (of course). Too bad... - makes the alternatives still
>> interesting, I think.
>
>rdr fxp3 12.116.66.161/32 port 0 -> 192.168.128.1 port 0 icmp

Yes! Or even better, after trying that and the "tcp/udp/icmp" combo
(both of which worked, though the latter "accidentally" I think), I
found (from the source:-) that I could use just "ip" to cover everything
(and make the "port" part a bit less of an "eye-sore":-).

>the syntax sucks, I know.

No disagreement from me there:-) - it really would be nice to be able to
do away with the port/proto stuff and just say "redirect address X to
address Y" when that is what you want, I think. Perhaps a new verb
"rdrall" or somesuch could be introduced if it makes the parsing simpler
(FreeBSD's natd has "redirect_(port|address|proto)"...). Some updates to
the man page would be nice too:-), would have saved you the trouble of
answering these questions!

Thanks again!

--Per Hedeland
per@bluetail.com

[prev in list] [next in list] [prev in thread] [next in thread]