[Firehol-support] Re: DNAT not working where inface and outface are the same
carlos.efr at mail.telepac.pt
Thu Oct 13 23:10:53 BST 2005
Thomas Arendsen Hein wrote:
> I have this snat rule in my firehol.conf:
> snat to "$intip" outface "$intif" src "$intnet" dst "$intnet"
> $public_address should work instead of $intip, too, but I thought
> this to be cleaner.
Yes, that's much cleaner, and the target machines don't always show
$public_address in their logs, which is nice.
> Speaking of cleaner ... now I'm using a split DNS (using views in
> bind9) setup, so LAN clients talk directly to the local IPs of the
> machines, so these SNAT rules aren't really used now.
I thought of that too, but that will have to wait until our DNS servers
get an overhaul (which will probably happen soon, but not soon enough).
Thanks for the tip :)