Date: Wed, 23 Apr 1997 21:46:08 +1000 (EST)
From: Darren Reed <avalon@coombs.anu.edu.au>
To: chris@dilbert.bb.cc.wa.us (Chris Coleman)
Cc: avalon@coombs.anu.edu.au, hackers@freebsd.org
Subject: Re: IPFILTER
Message-ID: <199704231153.EAA25862@hub.freebsd.org>
In-Reply-To: <Pine.BSF.3.91.970422135817.10245B-100000@dilbert.bb.cc.wa.us> from "Chris Coleman" at Apr 22, 97 02:04:59 pm

In some mail from Chris Coleman, sie said:
>
> I am running IPNAT and
> Currently I have this as the only rule in my rule set, so everyone comes
> back as the same person from the DNS.
>
> map fxp0 10.0.0.0/8 -> 208.8.136.10/32 portmap tcp/udp 10000:65000
>
> I would like to split up the domain into 5 sections (according to
> buildings) and map all the buildings separately to different ip addresses.
> And have the last rule catch all of the other connections and run them
> through current ip address.
>
> I tried to do this, but couldn't figure out how to make a rule to "catch
> all" of the remaining ones. Do rules have precedence? What if I just
> want to map one ip address to a specific ip address and catch all the
> rest through the normal rules?

Rules are parsed, top to bottom. So if you put your "catch-all" last,
it will work.

Darren
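
The top-to-bottom ordering described in the reply above, as an added example that is not part of the original message: a small Python model of first-match selection over `map` rules, with a check for rules that an earlier, wider rule makes unreachable. The per-building subnets and the 192.0.2.x addresses are constructed placeholders, and the model ignores the interface and portmap fields.

```python
import ipaddress

# Constructed rule set in ipnat "map" syntax. The per-building subnets and the
# 192.0.2.x addresses are placeholders; only the last rule is from the message.
RULES = """\
map fxp0 10.1.0.0/16 -> 192.0.2.11/32 portmap tcp/udp 10000:65000
map fxp0 10.2.0.0/16 -> 192.0.2.12/32 portmap tcp/udp 10000:65000
map fxp0 10.0.0.0/8 -> 208.8.136.10/32 portmap tcp/udp 10000:65000
"""

def parse(text):
    """Return [(source_network, translated_address)] in file order."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "map" and f[3] == "->":
            src = ipaddress.ip_network(f[2])
            dst = ipaddress.ip_network(f[4]).network_address
            rules.append((src, dst))
    return rules

def translate(rules, host):
    """First rule whose source network contains host wins (top to bottom)."""
    addr = ipaddress.ip_address(host)
    for src, dst in rules:
        if addr in src:
            return str(dst)
    return None  # no rule matched: the address is not translated

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule's
    source network already covers theirs."""
    return [i for i, (src, _) in enumerate(rules)
            if any(src.subnet_of(prev) for prev, _ in rules[:i])]

if __name__ == "__main__":
    good = parse(RULES)
    bad = [good[2]] + good[:2]          # catch-all moved to the top
    for name, rs in (("catch-all last", good), ("catch-all first", bad)):
        print(name, translate(rs, "10.1.4.7"), "shadowed:", shadowed(rs))
```

Running `shadowed()` over a rule file before loading it flags a catch-all that has been placed above the specific mappings.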