On Fri, 28 May 2004 21:27:42 +0100
Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx> wrote:

> 1. Give us a specific example of what you want to happen, showing us the
> source & destination addresses & port numbers for machines A & B, so we can
> see exactly what you want to do

Okay, maybe this time I'm better at it.

There is a thing called 'binat' on OpenBSD. 'binat' does NAT on _all_ incoming and outgoing connections on a specific interface, so I guess it is basically SNAT and DNAT combined in Netfilter jargon.

So let's say there is a router "R" with an interface called ppp0 (1.1.1.1) and another one called eth0 (192.168.1.1/24), and a last one called eth1 (192.168.2.1/24). Moreover assume a box called 'A' on the eth0 network, and another one called 'B' on the eth1 network.

So think of 'A' as my main working machine - it runs a webserver and maybe a lot more listening daemons. So I'd like to redirect any connections to R/ppp0:* to 'A' - with ports preserved of course. Also, any connection from eth0 which is routed via R/ppp0 must get translated - again, preferably (but this time not a must) without any port changing.

That's the thing for box 'A' - not much of a problem for Netfilter, I suppose.

Now 'B' comes into play. 'B' wants the standard NAT via R/ppp0 to the internet - no special stuff with ports here, just standard SNAT.

Now, will there be any conflicts with this setup? Is it possible at all?

To make things even more complicated, some ports should be excluded from the DNAT R/ppp0:* -> A, like 6667, because I want to run an IRC server on R (which is up 24/7).

I hope this time my explanations are easier to understand as I don't like wasting other people's time for nothing.

Thanks!

Leslie
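
The setup described in the message above, written out as a Netfilter nat-table ruleset generator. This is an added example, not part of the original message or of any reply in the thread. The address 192.168.1.2 for 'A' is an assumption (the message gives none), and the function names are illustrative.

```shell
#!/bin/sh
# Added example: prints a nat-table ruleset in iptables-restore format for
# router "R" from the message. It only prints; nothing is applied here.
WAN_IF=ppp0             # from the message
WAN_IP=1.1.1.1          # from the message
HOST_A=192.168.1.2      # ASSUMPTION: the message gives no address for 'A'
NET_B=192.168.2.0/24    # eth1 network, from the message
LOCAL_TCP_PORTS="6667"  # TCP ports that stay on R itself (space-separated)

# Accept only decimal port numbers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

binat_rules() {
    # Refuse to emit a partial ruleset if any excluded port is malformed.
    for port in $LOCAL_TCP_PORTS; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Exclusions go first: rules match in order, and ACCEPT here ends nat
    # PREROUTING untranslated, so the connection is delivered to R itself.
    for port in $LOCAL_TCP_PORTS; do
        echo "-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport $port -j ACCEPT"
    done
    # Every other new inbound connection goes to A. No port is given in
    # --to-destination, so the destination port is left unchanged.
    echo "-A PREROUTING -i $WAN_IF -d $WAN_IP -j DNAT --to-destination $HOST_A"
    # Outbound from A and from B's network. SNAT keeps the source port
    # unless it collides with an existing mapping.
    echo "-A POSTROUTING -o $WAN_IF -s $HOST_A -j SNAT --to-source $WAN_IP"
    echo "-A POSTROUTING -o $WAN_IF -s $NET_B -j SNAT --to-source $WAN_IP"
    echo "COMMIT"
    # The nat table is consulted only for the first packet of a connection,
    # so replies to B's (or R's own) outbound traffic are not caught by DNAT.
}

# Usage: sh binat.sh --print | iptables-restore --test
if [ "${1:-}" = "--print" ]; then
    binat_rules
fi
```

`iptables-restore --test` parses the ruleset without committing it; loading it for real replaces the current contents of the nat table unless `--noflush` is given.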