all,
in the current version of the CLI specs, NAT proxy src addresses are
specified per servergroup, thus:
create-servergroup [-s server=hostspec[:portspec...]] \
[-i interface=name|proxy-src=src] groupname
From all I understand (and this quite likely needs correcting ;-) this
information should be given on a *per-rule* basis; given the fact that we
can have more than one rule created using the same servergroup, the current
spec directly conflicts with that requirement (there's also the tiny fact
that the current kernel code expects this information in the rule, not with
individual servers :-)
so, provided I'm not confusing two different concepts here, I propose to
move the proxy-src specification to rule creation, eg sth like this:
create-rule [-e] -i <incoming> -m <method attributes> \
-o <outgoing spec> [-h <healthcheck> ] name
...
-m
type aka topology: "DSR", "half-NAT", "NAT"
...
proxy-src (NAT only): ip[-ip]
replace incoming packets' src address,
or a range of hosts (if second ip is given)
thx
Michael
--
Michael Schuster http://blogs.sun.com/recursion
Recursion, n.: see 'Recursion'
