Message-ID: <442F3268.30409@hicom.net>
Date: Sat, 01 Apr 2006 21:09:44 -0500
From: Juergen Heberling
To: freebsd-questions@freebsd.org
References: <442EEABE.5000803@hicom.net> <442F2B69.40503@locolomo.org>
In-Reply-To: <442F2B69.40503@locolomo.org>
Subject: Re: ipnat syntax error?

Erik Nørgaard wrote:
> Juergen Heberling wrote:
>> Could someone please check me on this ...
>>
>> fw1# ipnat -CFn -f /etc/ipnat.rules
>> 0 entries flushed from NAT table
>> 1 entries flushed from NAT list
>> syntax error error at "-", line 1
>>
>> /etc/ipnat.rules contains:
>> map em0 192.168.1.0/24 -> 204.134.75.1-10
>> .. snip ..
>>
>> line 1 in the rules file is the example from the FreeBSD handbook.
>> I'm running FreeBSD6.0 stable.
>
> It seems to be a documentation bug, the ipf-howto.txt distributed with
> ipfilter makes no mention of that notation, instead you should use cidr
> notation, for example
>
> 204.134.75.0/29
>
> Erik
>

Erik,

Thank you for the quick response. I tried your suggestion of using the cidr notation format and that worked; thank you!

However I am concerned about overlapping mappings in the cidr range with host-to-host maps - my cidr range is a /28, for example, and I want to map (spoof) some IP address in the middle to, say, the web or mail servers. In order to avoid the overlap I was counting on the "range" specification on the map command.

TIA for any suggestions.

Juergen
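
Added example, not part of the original messages: Python that converts the range 204.134.75.1-10 from the thread into CIDR blocks, reports which host-to-host addresses fall inside the pool, and removes them from it. The host addresses 204.134.75.5 and 204.134.75.12 are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last inclusive."""
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def overlaps(pool, host_addrs):
    """Host-to-host addresses that fall inside any block of the pool."""
    hosts = [ipaddress.IPv4Address(h) for h in host_addrs]
    return [h for h in hosts if any(h in net for net in pool)]


def carve_out(pool, host_addrs):
    """Pool blocks with every host-to-host address removed."""
    blocks = list(pool)
    for h in host_addrs:
        host_net = ipaddress.ip_network(f"{h}/32")
        remaining = []
        for net in blocks:
            if host_net.subnet_of(net):
                # address_exclude yields nothing when net is the host itself
                remaining.extend(net.address_exclude(host_net))
            else:
                remaining.append(net)
        blocks = remaining
    return sorted(ipaddress.collapse_addresses(blocks))


if __name__ == "__main__":
    # Range taken from the rule quoted in the thread.
    pool = range_to_cidrs("204.134.75.1", "204.134.75.10")
    # Constructed host-to-host addresses (assumption, not from the thread).
    reserved = ["204.134.75.5", "204.134.75.12"]

    print("range as CIDR blocks:", ", ".join(map(str, pool)))
    print("overlapping host maps:", ", ".join(map(str, overlaps(pool, reserved))))
    print("pool without them:", ", ".join(map(str, carve_out(pool, reserved))))
```

The output only describes address coverage; how ipnat evaluates several map rules for the same source network is not covered by this example.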