From owner-freebsd-security Thu May 9 10: 1: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.npubs.com (npubs.com [207.111.208.224]) by hub.freebsd.org (Postfix) with ESMTP id 5584B37B414 for ; Thu, 9 May 2002 10:00:45 -0700 (PDT) Received: 8.12.2-(Neptune) Received: 8.12.2-(Venus) Received: 8.12.2-(Neptune) From: "Nielsen" To: References: <3CDA988D.34E2148C@centtech.com> Subject: Re: ipnat and bimapping MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20020509170045.5584B37B414@hub.freebsd.org> Date: Thu, 9 May 2002 10:00:45 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Works for me. The two ranges also don't overlap. In my experience, however, even if they do ipnat is smart enough to handle certain overlapping subnets properly. I think last rule wins. ----- Original Message ----- > Would bimap'ing the 24.24.24.1/32 address to 10.10.20.2/32 work? Or would that > screw up my nat'ing of the 10.10.10.0/24 net? I need all ports NOT nat'ed to > 10.10.10.0/24 to go to 10.10.20.2/32. Am I asking for trouble on the protected > net, or is this safe? Is bimap the right thing to use? > > How big is the gun that I am about to use to shoot myself in the foot? > > Eric To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message