Feature #3887
closed
Add a "No binat" checkbox to 1:1 NAT for exclusions
Added by Jim Pingle about 10 years ago.
Updated almost 9 years ago.
Estimated time:
(Total: 0.00 h)
Description
In some cases it is necessary to create exclusions from a broad definition of a more general 1:1 NAT rule, such as:
- No 1:1 NAT for x.x.x.1
- No 1:1 NAT for x.x.x.2
- 1:1 NAT for y.y.y.0/24 -> x.x.x.0/24
That way NAT could be performed for the entire subnet on that interface except for the gateway and the firewall itself.
- Assignee set to Anonymous
1-to-1 rules can already be dragged to reorder. I can add a "no binat" (or "exclude") checkbox, save the setting, and display a suitable icon when it is checked.
JimP - can you help with creating the NAT rule correctly on "Apply"?
The rule should look like the current rule but have "no " before the rest of the line. For example, source:src/etc/inc/filter.inc#L1877 (line 1877) shows where the binat line is made; if the negation box is checked then that line should start with "no binat" rather than "binat". And now that I look there, the NAT reflection bits above and below there should be skipped as well if the negation box is checked.
Also "-> {$target}{$sn1}" is not required for no binat
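The rule shape described above, as an added illustration that is not pfSense's filter.inc code: a small generator that renders each 1:1 NAT entry either as a pf `binat` line or, when the exclusion flag is set, as a `no binat` line without the `-> target` part, and a check that an exclusion is not placed after a broader `binat` rule that covers it. The check matters because pf evaluates translation rules first-match, so an exclusion listed below the general rule is never reached. The entry keys (`interface`, `source`, `external`, `nobinat`), the exact line format and the sample addresses (documentation ranges) are assumptions of this example.

```python
"""Render pf 1:1 NAT (binat) lines with 'no binat' exclusions and check ordering.

Constructed example; the entry layout and line format are assumptions, not
pfSense's own filter.inc output.
"""
import ipaddress

# Constructed sample table, in the order a user would drag the entries:
# exclusions for the two internal hosts whose external counterparts would be
# the gateway and the firewall, followed by the general /24 mapping.
SAMPLE_ENTRIES = [
    {"interface": "em0", "source": "192.0.2.1", "external": "198.51.100.1", "nobinat": True},
    {"interface": "em0", "source": "192.0.2.2", "external": "198.51.100.2", "nobinat": True},
    {"interface": "em0", "source": "192.0.2.0/24", "external": "198.51.100.0/24", "nobinat": False},
]


def render_rule(entry):
    """Render one entry as a pf translation line (assumed format).

    A 'no' translation rule in pf carries no '-> target' part, so the
    exclusion line stops after the match criteria.
    """
    ifname = entry["interface"]
    src = entry["source"]
    if entry.get("nobinat"):
        return f"no binat on {ifname} from {src} to any"
    return f"binat on {ifname} from {src} to any -> {entry['external']}"


def render_ruleset(entries):
    """Render all entries in table order, one line each.

    Exclusion entries produce only their 'no binat' line; any reflection
    lines a real generator would emit around a binat rule are skipped for them.
    """
    return "\n".join(render_rule(e) for e in entries) + "\n"


def shadowed_exclusions(entries):
    """Return (exclusion_index, covering_rule_index) pairs for exclusions
    that appear *after* a binat rule whose source network contains them.

    pf applies the first matching translation rule, so such an exclusion is
    dead: the earlier, broader binat rule wins and translation still happens.
    """
    problems = []
    for i, entry in enumerate(entries):
        if not entry.get("nobinat"):
            continue
        excl_net = ipaddress.ip_network(entry["source"], strict=False)
        for j in range(i):
            other = entries[j]
            if other.get("nobinat"):
                continue
            cover = ipaddress.ip_network(other["source"], strict=False)
            if excl_net.version == cover.version and excl_net.subnet_of(cover):
                problems.append((i, j))
    return problems


if __name__ == "__main__":
    print(render_ruleset(SAMPLE_ENTRIES))
    print("shadowed (correct order):", shadowed_exclusions(SAMPLE_ENTRIES))
    print("shadowed (reversed order):", shadowed_exclusions(list(reversed(SAMPLE_ENTRIES))))
```

Run as a script it prints the three rendered lines and an empty problem list for the table above; reversing the table reports both exclusions as shadowed by the /24 rule, which is the misconfiguration the drag-to-reorder UI has to let the user avoid.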
- Status changed from New to Assigned
- Assignee changed from Anonymous to Jim Pingle
Implemented as requested.
Swinging it over to JimP for testing
- Status changed from Assigned to Feedback
- Status changed from Feedback to Resolved
Seems to do the job. Rules look like I expect, pf doesn't complain.