ipnat without portmap

Post by none » Sat, 10 Mar 2001 05:14:20



I have a small private network (192.168.0.0) with an OpenBSD 2.8 firewall
and I was wondering how ipnat will work without using the portmap option.
For example, if my ipnat.rules only holds this line:

map ne1 192.168.0.0/24 -> 216.227.12.153/32

and NOT this line

#map ne1 192.168.0.0/24 -> 216.227.12.153/32 portmap tcp/udp 50000:65535

what are the implications? It seems to work so far. Forward mappings keep
the src port and do not portmap which is good for different reasons. Will I
run into any problems?

 
 
 

ipnat without portmap

Post by Joseph A. Knapk » Sun, 11 Mar 2001 15:13:36



> I have a small private network (192.168.0.0) with an OpenBSD 2.8 firewall
> and I was wondering how ipnat will work without using the portmap option.
> For example, if my ipnat.rules only holds this line:

> map ne1 192.168.0.0/24 -> 216.227.12.153/32

> and NOT this line

> #map ne1 192.168.0.0/24 -> 216.227.12.153/32 portmap tcp/udp 50000:65535

> what are the implications? It seems to work so far. Forward mappings keep
> the src port and do not portmap which is good for different reasons. Will I
> run into any problems?

Then a connection from an internal machine *originating* at port
5000 will get mapped to 216.227.12.153:5000. That is, only the address
will be translated, and the port will be left alone. This could cause
problems if two machines on your internal network happened to choose
the same port for an outgoing connection.

HTH,

-- Joe Knapka
"It was just a maddened crocodile hidden in a flower bed. It could
have happened to anyone." -- Pratchett
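
A simplified model of the collision described in the reply above, added here as an example; it is not part of the original posts and is not IPFilter's code. It assumes a NAT session is keyed on protocol, mapped address and port, and destination address and port. The inside host addresses, the 203.0.113.x destinations and the lowest-free-port allocation are constructed for illustration.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "216.227.12.153"          # from the map rule in the thread
PORTMAP_RANGE = range(50000, 65536)   # 50000:65535 from the commented-out rule

@dataclass
class NatTable:
    portmap: bool
    # outside-facing session key -> inside endpoint that owns it
    sessions: dict = field(default_factory=dict)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing flow. Returns the mapped source port,
        or None if every candidate port collides with another host's session."""
        # Without portmap the only candidate is the original source port.
        candidates = PORTMAP_RANGE if self.portmap else (src_port,)
        for port in candidates:
            key = (proto, PUBLIC_IP, port, dst_ip, dst_port)
            owner = self.sessions.get(key)
            if owner is None or owner == (src_ip, src_port):
                self.sessions[key] = (src_ip, src_port)
                return port
        return None

    def inbound(self, proto, mapped_port, remote_ip, remote_port):
        """Return the inside endpoint a reply packet belongs to, if any."""
        key = (proto, PUBLIC_IP, mapped_port, remote_ip, remote_port)
        return self.sessions.get(key)

def demo(portmap):
    """Two inside hosts both pick source port 5000 (constructed scenario)."""
    nat = NatTable(portmap=portmap)
    server = ("203.0.113.10", 80)
    a = nat.outbound("tcp", "192.168.0.10", 5000, *server)
    b = nat.outbound("tcp", "192.168.0.11", 5000, *server)          # same destination
    c = nat.outbound("tcp", "192.168.0.11", 5000, "203.0.113.20", 80)  # other destination
    return a, b, c

if __name__ == "__main__":
    print("without portmap:", demo(False))
    print("with portmap:   ", demo(True))
```

In this model the second host's flow has no usable mapping only when it shares both source port and destination with the first; with the port range available, each flow gets a distinct outside port.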

 
 
 
