[Firehol-support] Re: DNAT not working where inface and outface are the same

Carlos Rodrigues carlos.efr at mail.telepac.pt
Thu Oct 13 23:10:53 BST 2005


Thomas Arendsen Hein wrote:
> I have this snat rule in my firehol.conf:
> snat to "$intip" outface "$intif" src "$intnet" dst "$intnet"
> 
> $public_address should work instead of $intip, too, but I thought
> this to be cleaner.

Yes, that's much cleaner, and the target machines don't always show 
$public_address in their logs, which is nice.

> Speaking of cleaner ... now I'm using a split DNS (using views in
> bind9) setup, so LAN clients talk directly to the local IPs of the
> machines, so these SNAT rules aren't really used now.

I thought of that too, but that will have to wait until our DNS servers 
get an overhaul (which will probably happen soon, but not soon enough).

Thanks for the tip :)

Carlos Rodrigues



