From owner-freebsd-security  Mon Jun 18 11:34:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from newton.pconline.com (newton.pconline.com [206.145.48.1])
	by hub.freebsd.org (Postfix) with ESMTP id 7FFB837B403
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Jun 2001 11:34:21 -0700 (PDT)
	(envelope-from chris@pconline.com)
Received: from localhost (chris@localhost)
	by newton.pconline.com (8.8.5/8.8.5) with SMTP id NAA20808
	for <freebsd-security@FreeBSD.ORG>; Mon, 18 Jun 2001 13:34:13 -0500
Date: Mon, 18 Jun 2001 13:34:13 -0500 (CDT)
From: Chris Kesler <chris@pconline.com>
To: freebsd-security@FreeBSD.ORG
Subject: ipnat.conf oddity
Message-ID: <Pine.LNX.3.95.1010618132448.5151M-100000@newton.pconline.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

This is my current ipnat.conf file.

map vx0 192.168.1.0/24 -> 0/32 portmap tcp/udp 1025:65000
map vx0 192.168.1.0/24 -> 0/32

Notice that the address to the right of the -> is 0.  I discovered by
accident that this configuration works on my system.  I'm using ipnat and
ipf on 4.3-RELEASE.

I couldn't find any docs describing why this config works.  I have a cable
modem connection, and the DHCP-assigned IP address changes once in a
while. I wonder if this is a feature intended to allow me to continue to
forward packets after my address changes.  Or is it a bad idea to run the
box this way?



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message