Subject: Re: Off-topic: Dumb IPNAT question
To: Takahiro Kambe <taca@sky.yamashina.kyoto.jp>
From: Paul Goyette <paul@whooppee.com>
List: current-users
Date: 06/15/1998 19:00:38

On Tue, 16 Jun 1998, Takahiro Kambe wrote:
> Based on /usr/share/examples/ipf/nat.eg as an example,
> ipnat.rules below works on FreeBSD with ip-filter (not firewall
> function with FreeBSD).
>
> map ed1 10.1.0.0/16 -> 240.1.0.1/32 proxy ftp ftp/tcp
> map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000
> map ed1 10.1.0.0/16 -> 240.1.0.0/24

This could be bad news for some devices, since the 240.x.x.x address
range falls into the "reserved" Class E (E = Experimental) range, and
some devices might well discard them.

You'd be much better off using the address ranges that are officially
reserved for use in private networks (including those behind NATs):

    10.0.0.0/8      (One "Class A" network of 2^^24 hosts)
    172.16.0.0/12   (Four "Class B" networks of 65K hosts each)
    192.168.0.0/16  (255 "Class C" networks of 254 hosts each)

-----------------------------------------------------------------------------
| Paul Goyette | Public Key fingerprint: | E-mail addresses: |
| Network Engineer | 0E 40 D2 FC 2A 13 74 A0 | paul@whooppee.com |
| and kernel hacker | E4 69 D5 BE 65 E4 56 C6 | paul.goyette@ascend.com |
-----------------------------------------------------------------------------
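
Added example, not part of the original message: a small Python check that parses ipnat `map` rules in the form quoted above and reports any source or target network inside the Class E block 240.0.0.0/4. The function names and the fourth sample rule are constructed for illustration, and only dotted-quad CIDR operands are handled.

```python
import ipaddress

# Ranges discussed in the message above.
CLASS_E = ipaddress.ip_network("240.0.0.0/4")
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(cidr):
    """Return 'class-e', 'private' or 'other' for a dotted-quad CIDR string."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.subnet_of(CLASS_E):
        return "class-e"
    if any(net.subnet_of(p) for p in PRIVATE):
        return "private"
    return "other"

def parse_map_rule(line):
    """Parse 'map <ifname> <src> -> <dst> [options]' into (ifname, src, dst).
    Returns None for blank lines, comments and anything that is not a map rule."""
    tokens = line.split("#", 1)[0].split()
    if len(tokens) < 5 or tokens[0] != "map" or tokens[3] != "->":
        return None
    return tokens[1], tokens[2], tokens[4]

def lint(rules_text):
    """Return (line_no, side, cidr) for every map operand inside 240.0.0.0/4."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_map_rule(line)
        if rule is None:
            continue
        for side, cidr in (("source", rule[1]), ("target", rule[2])):
            try:
                if classify(cidr) == "class-e":
                    findings.append((no, side, cidr))
            except ValueError:
                pass  # operand is not a dotted-quad CIDR; out of scope here
    return findings

# Lines 1-3 are the rules quoted in the message; line 4 is constructed.
SAMPLE = """\
map ed1 10.1.0.0/16 -> 240.1.0.1/32 proxy ftp ftp/tcp
map ed1 10.1.0.0/16 -> 240.1.0.1/32 portmap tcp 10000:20000
map ed1 10.1.0.0/16 -> 240.1.0.0/24
map ed1 192.168.1.0/24 -> 192.0.2.1/32
"""

if __name__ == "__main__":
    for no, side, cidr in lint(SAMPLE):
        print(f"line {no}: {side} {cidr} is in Class E (240.0.0.0/4)")
```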