On 06/12, Yasin Yilmaz wrote:
> Hello,
>
> From the `man 5 ipnat` an example is given as follows:
>
>   To change IP#'s used internally from network 10 into an ISP
>   provided 8 bit subnet at 209.1.2.0 through the ppp0 interface,
>   the following would be used:
>
>   map ppp0 10.0.0.0/8 -> 209.1.2.0/24
>
> How does a firewall handle reply traffic for this NAT'ted traffic?
> Where do we map a network to another network (not one of our firewall's
> IPs!!!), can anyone give another example of using this kind of NAT mapping?
>
> Yasin

If you are talking about ipfilter on the NAT box itself, you should save state (with "keep state") for incoming packets. This will make reply packets pass right through. FYI, packets are NAT:ed before they reach ipfilter. All of this is described in the IPFilter FAQ.

http://www.google.com/search?q=ipfilter

Your question about NAT:ing between networks is pretty vague. Can you provide any more information on the setup? The standard scenario would be to put the NAT box between the two network segments.

-km
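
The reply-traffic question above, as an added example that is not part of the thread and not IPFilter's code: a simplified Python model of the session table behind a rule like `map ppp0 10.0.0.0/8 -> 209.1.2.0/24`. The `NatTable` class, the modulo address selection, the unchanged source port, and the remote addresses are assumptions made for illustration.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # left side of the quoted map rule
EXTERNAL = ipaddress.ip_network("209.1.2.0/24")   # right side of the quoted map rule


class NatTable:
    """Toy model of a map rule: rewrite on the way out, remember, undo on the way in."""

    def __init__(self, internal, external):
        self.internal = internal
        self.pool = list(external.hosts())   # usable addresses .1 through .254
        self.sessions = {}                   # (ext_ip, sport, remote, rport) -> internal ip

    def outbound(self, src, sport, dst, dport):
        src = ipaddress.ip_address(src)
        if src not in self.internal:
            return None                      # rule does not match; packet is left alone
        # Assumption: choose the pool address by modulo. Real address selection
        # differs; only the session bookkeeping matters for this illustration.
        ext = self.pool[int(src) % len(self.pool)]
        key = (ext, sport, ipaddress.ip_address(dst), dport)
        if self.sessions.setdefault(key, src) != src:
            raise RuntimeError("two internal hosts collided on one external tuple")
        return (str(ext), sport, dst, dport)

    def inbound(self, src, sport, dst, dport):
        # A reply has source and destination swapped relative to the stored session.
        key = (ipaddress.ip_address(dst), dport, ipaddress.ip_address(src), sport)
        internal = self.sessions.get(key)
        if internal is None:
            return None                      # no session, so nothing to translate back to
        return (src, sport, str(internal), dport)


if __name__ == "__main__":
    nat = NatTable(INTERNAL, EXTERNAL)
    # Constructed sample packets; 198.51.100.7 and 203.0.113.9 are documentation addresses.
    out = nat.outbound("10.1.2.3", 40000, "198.51.100.7", 80)
    print("outbound rewritten to:", out)
    print("reply rewritten to:   ", nat.inbound("198.51.100.7", 80, out[0], 40000))
    print("unsolicited packet:   ", nat.inbound("203.0.113.9", 80, out[0], 40000))
```

The model covers address translation only; whether the translated reply is then allowed through is a separate decision made by the filter rules and their "keep state" entries.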
