IPfilter

Re: Need to skip an overload...ideas?

To: Darren Reed <avalon@caligula.anu.edu.au>
Subject: Re: Need to skip an overload...ideas?
From: Peter Eisch <peter@boku.net>
Date: Thu, 15 Feb 2007 13:34:58 -0600
Cc: <ipfilter@coombs.anu.edu.au>
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
In-reply-to: <200702151701.l1FH1CtG008142@caligula.anu.edu.au>
Sender: owner-ipfilter@coombs.anu.edu.au
User-agent: Microsoft-Entourage/10.1.6.040913.0

On 2/15/07 11:01 AM, "Darren Reed" <avalon@caligula.anu.edu.au> wrote:

> In some mail from Peter Eisch, sie said:
>> 
>> 
>> I have an excerpt like this:
>> 
>> # **** hide the office from others ****
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32 proxy port ftp ftp/tcp
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32 portmap auto
>> map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32
>> # end of office hiding
>> 
>> Which enables me to hide all the office traffic behind the address noted.  I
>> now have a need to leak the office traffic out to systems on the
>> 201.3.34.24/29 LAN.
>> 
>> For example, traffic between 201.2.30.22 and 201.3.34.27 would not be NAT'd.
>> 
>> Is there a clever way to rewrite the rule to use !to or some sort of
>> boolean logic so I don't have to fully enumerate the 'any' in the above
>> example?
> 
> In map rules, you can do exactly that - say "!to":
> 
> map en0 from 201.2.30.0/24 ! to 201.3.34.24/29 -> 201.3.34.25/32
> 

Holy Snikes!  It works!

Thanks Darren.

I should probably put together a collection of extremely useful but
potentially obscure configuration examples.  I could at least find examples
for myself somewhat cogently.

peter
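
Added example, not part of the original message and not IPFilter's own code: a simplified Python model of how the source/destination match in the `map` rules quoted above decides whether a flow is translated, comparing the original `to any` rule with the `! to` form. It assumes first-match evaluation, ignores the interface, protocol and `proxy`/`portmap` options, and uses constructed test addresses.

```python
import ipaddress
import re

# Simplified model: handles only
#   map <if> from <net> [!] to <net|any> -> <net> [options ignored]
RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+from\s+(?P<src>\S+)\s+"
    r"(?P<neg>!\s*)?to\s+(?P<dst>\S+)\s+->\s+(?P<target>\S+)"
)

def parse_map_rule(line):
    """Parse the address-matching part of one map rule into a dict."""
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")

    def net(s):
        return ipaddress.ip_network("0.0.0.0/0" if s == "any" else s)

    return {
        "src": net(m["src"]),
        "dst": net(m["dst"]),
        "negate_dst": m["neg"] is not None,  # True for "! to"
        "target": net(m["target"]),
    }

def translated_source(rules, src, dst):
    """Return the NAT address of the first matching rule, or None if not NAT'd."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in rules:
        r = parse_map_rule(line)
        # "! to" inverts the destination test: match when dst is OUTSIDE the net.
        dst_hit = (d in r["dst"]) != r["negate_dst"]
        if s in r["src"] and dst_hit:
            return str(r["target"].network_address)
    return None

# Rules taken from the thread above.
ORIGINAL = ["map en0 from 201.2.30.0/24 to any -> 201.3.34.25/32"]
REVISED = ["map en0 from 201.2.30.0/24 ! to 201.3.34.24/29 -> 201.3.34.25/32"]

if __name__ == "__main__":
    # Constructed flows: inside the /29, just past its end, and a remote host.
    for dst in ("201.3.34.27", "201.3.34.32", "192.0.2.10"):
        print(dst, translated_source(ORIGINAL, "201.2.30.22", dst),
              translated_source(REVISED, "201.2.30.22", dst))
```

The /29 covers 201.3.34.24 through 201.3.34.31, so 201.3.34.32 is still translated under the revised rule.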

