Very Computer

by **none** » Sat, 10 Mar 2001 05:14:20

I have a small private network (192.168.0.0) with an openbsd 2.8 firewall
and I was wondering how will ipnat work without using the portmap option.
For example, if my ipnat.rules only holds this line:

map ne1 192.168.0.0/24 -> 216.227.12.153/32

and NOT this line

#map ne1 192.168.0.0/24 -> 216.227.12.153/32 portmap tcp/udp 50000:65535

what are the implications? It seems to work so far. Forward mappings keep
the src port and do not portmap which is good for different reasons. Will I
run into any problems?

by **Joseph A. Knapk** » Sun, 11 Mar 2001 15:13:36

> I have a small private network (192.168.0.0) with an openbsd 2.8 firewall
> and I was wondering how will ipnat work without using the portmap option.
> For example, if my ipnat.rules only holds this line:

> map ne1 192.168.0.0/24 -> 216.227.12.153/32

> and NOT this line

> #map ne1 192.168.0.0/24 -> 216.227.12.153/32 portmap tcp/udp 50000:65535

> what are the implications? It seems to work so far. Forward mappings keep
> the src port and do not portmap which is good for different reasons. Will I
> run into any problems?

Then a connection from an internal machine *originating* at port
5000 will get mapped to 216.227.12.153:5000. That is, only the address
will be translated, and the port will be left alone. This could cause
problems if two machines on your internal network happened to choose
the same port for an outgoing connection.

HTH,

-- Joe Knapka
"It was just a maddened crocodile hidden in a flower bed. It could
have happened to anyone." -- Pratchett

Very Computer

ipnat without portmap

ipnat without portmap

ipnat without portmap