[AusNOG] Exemption to a NAT rule for a particular destination

Karl Auer kauer at biplane.com.au
Thu May 1 14:37:06 EST 2014


On Thu, 2014-05-01 at 14:15 +1000, Geordie Guy wrote:
> Is there a way of exempting a particular IP
> address or providing some other criteria for a NAT rule?

Almost certainly, but how to do it depends on what system you are using.
Tell us what you are trying to do it *with* and someone who uses that
system will probably be able to help.

For MikroTik, for example, you add an "accept" rule to the srcnat chain
in "/ip firewall nat", limiting it to specific source or destination
addresses. Make sure such rules are placed before any masquerade actions
involving the same sources or destinations, of course.

> PS: (*%&*$ing NAT.

What you said.

Regards, K.

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer at biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: EC67 61E2 C2F6 EB55 884B E129 072B 0AF0 72AA 9882
Old fingerprint: B862 FB15 FE96 4961 BC62 1A40 6239 1208 9865 5F9A




More information about the AusNOG mailing list