ipnatctl: exclude addresses

Paul Rusty Russell Paul.Russell@rustcorp.com.au
Fri, 24 Sep 1999 11:26:06 +0930


In message <19990923085330.A17728@vergenet.net> you write:
> On Thu, Sep 23, 1999 at 03:43:02PM +1000, Harry Holt wrote:
> > ipnatctl -I -p tcp -s 10.21.64.19/36 -b dest
> 
> I put in ipnatctl -I -s 10.21.0.0/16 -d 192.168.8.0/24 -b dest
> and this seems to have the effect of not mangling packets from
> 10.21.0.0/16 destined for 192.168.8.0/24. As it happens 10.21.0.0/16
> needs to be masqueraded to the outside world but I assume that 
> ipnatctl -I -s 10.21.0.0/16 would not mangle any packets from 10.21.0.0/16.

Use -b source, not -b dest.  You'll get away with it 99.9% of the time
(since the code always tries to do a null mapping if it can), but
should there ever be a clash (which shouldn't happen on your layout),
it'll think `let's try mapping to a different IP in the range... OK,
0.0.0.0 is free...'

NAT is fucking ugly,
Rusty.
--
Hacking time.