[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: bimap question
From:       Darren Reed <darrenr () cyber ! com ! au>
Date:       1997-12-23 6:15:59
[Download RAW message or body]

In some mail I received from Sen Nagata, sie wrote
> 
> > Translation of packets is done from top-to-bottom order as in your
> > configuration file (or output from ipnat -l).  If you have a range of
> > ports 10000:20000, the first mapping is made to 10000, the next to 10001
> > and so on, until it gets to 20000.  If the port number it tries to map
> > to is already in use, it will try the next one.
> 
> i see.  so, the algorithm is the same for a 'map' line w/o a 'portmap'
> specification?

No.  If there is no portmap, the port number is unchanged.

> > > 2) is there a way to delete certain active nat table entries without
> > > deleting all entries?
> > 
> > No.
> 
> how hard would this be to implement...and is it a bad/unuseful idea?

Hmmm, I'll have to think about it - not hard..

> is it possible that by misconfiguring things i could have caused
> source addresses of incoming packets to be rewritten?

Yes.  All of your bimap/map/rdr rules should only be for the external
interface.

Darren

[prev in list] [next in list] [prev in thread] [next in thread]