Not according to the manpages
In the example below, fxp1 is the outside interface; the machine sits
be-tween a fake internal 144.19.74.* network, and a routable external IP
of 204.92.77.100. The no nat rule excludes protocol AH from being
translated.
# NO NAT
no nat on fxp1 proto ah from 144.19.74.0/24 to any
nat on fxp1 from 144.19.74.0/24 to any -> 204.92.77.100
:-/ hmmmmmmm
On Thu, 2003-03-20 at 12:23, Jacek Artymiak wrote:
> On Thu, Mar 20, 2003 at 11:02:03AM -0800, Bryan Irvine wrote:
> > I read the rules on "no nat" and thought I had it configured correctly.
> > ...
> > no nat on $WAN from $LAN to $DMZ
> > no nat on $WAN from $DMZ to $LAN
> > nat on $WAN inet from $LAN to any -> ($WAN)
> > nat on $WAN inet from $DMZ to any -> ($WAN)
>
> since the last matching rule wins, shouldn't this be
>
> nat on $WAN inet from $LAN to any -> ($WAN)
> nat on $WAN inet from $DMZ to any -> ($WAN)
> no nat on $WAN from $LAN to $DMZ
> no nat on $WAN from $DMZ to $LAN
>
> ???
>
> Best regards,
>
> Jacek Artymiak
>
