Carson Gaspar wrote: > Darren Reed wrote: >> Eric, >> >> You've got a LAN split across two different sides of a host. >> When a host on either side is going to try and talk directly to >> a host on the other side, it is going to ARP for that address. >> ARP packets aren't routed. You need a proxy ARP daemon >> to do that for you. >> >> If you don't want to do that then you can't do what you want >> to do, period. > > Sorry Darren, that's not what he wants, and you're wrong (unless _I'm_ > the one on crack today...). He's talking about what some vendors call > "illegal NAT", where the two different subnets that happen to have the > same address appear in two places. In reality, this happens a _lot_ > with corporate acquisitions. > > Looking at the docs, it appears that ipfilter does not support NAT on > the source address of incoming packets (destination address of > outgoing packets), so it can't handle this. If I'm wrong Darren, > please correct me.
At the moment that's only possible with 5.0.2 using "rewrite" rules with ipnat where you can specify both a new source and destination address/post. There's still more code I want to write before 5.1 :) Darren
