Subnet Address Mapping
This service subcommand designates a public “apparent” IP Address to be shared by all computers in a private subnet. This permits an ISP (for example) to assign a single public IP Address for use by all computers at a customer site.
service [int] subnet [subnet address/bits] [app IP]
service [int] client [subnet address/bits] [app IP]
- “int” is the NetNAT Interface on the “public” side (e.g. en0, tr0, ppp0)
- “subnet address/bits” is the subnet description for the client subnet
- “app IP” is the apparent IP Address to be shared by all members of that subnet
When a client computer sends a message through the NAT to the outside world, the NAT must select an IP Address to use for that client, for this message. This command specifies that a certain IP Address will be used for everybody in the specified subnet. They may all be active at the same time, since we use port translation to permit them to share the IP Address simultaneously.
The two forms of the command are equivalent. The original name for the command was “service client”, but it is being changed to “service subnet” to make its meaning clearer. The subnet may be as restrictive as desired, so you can assign an apparent IP Address to a single computer. For example:
service en0 subnet 192.168.31.4/32 220.127.116.11
service en0 subnet 192.168.31.0/24 18.104.22.168
This instructs the NAT to use 22.214.171.124 for the single computer at 192.168.31.4, and use 126.96.36.199 for everybody else in that subnet. At present, you may have up to 32 subnet mapping definitions in your NAT configuration.
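The following Python sketch is an added example, not NetNAT code. It audits a list of subnet mapping commands before they are loaded: it accepts both command forms, enforces the 32-definition limit, and reports which apparent IP Address a given client would receive. It assumes the most specific (longest-prefix) matching subnet wins, which is consistent with the example above but is not stated by this page; the 203.0.113.x addresses and the function names are constructed for illustration.

```python
import ipaddress

MAX_MAPPINGS = 32  # limit stated on this page

# Constructed sample configuration (apparent IPs are documentation addresses).
SAMPLE = """\
service en0 subnet 192.168.31.4/32 203.0.113.10
service en0 client 192.168.31.0/24 203.0.113.20
"""

def parse_mappings(config_text):
    """Parse 'service <int> subnet|client <addr/bits> <app IP>' lines."""
    mappings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue  # skip blank lines
        if (len(fields) != 5 or fields[0] != "service"
                or fields[2] not in ("subnet", "client")):
            raise ValueError(f"line {lineno}: not a subnet mapping: {raw!r}")
        # strict=True rejects a subnet with host bits set, such as
        # 192.168.31.4/24, which usually signals a mistyped mask.
        # This check belongs to the example, not to NetNAT.
        net = ipaddress.ip_network(fields[3], strict=True)
        app_ip = ipaddress.ip_address(fields[4])
        mappings.append((fields[1], net, app_ip))
    if len(mappings) > MAX_MAPPINGS:
        raise ValueError(f"{len(mappings)} mappings exceed the limit of {MAX_MAPPINGS}")
    return mappings

def apparent_ip(mappings, interface, client):
    """Return the apparent IP for a client, or None if no mapping covers it.

    Assumption: the longest matching prefix wins.
    """
    addr = ipaddress.ip_address(client)
    hits = [(net.prefixlen, app) for intf, net, app in mappings
            if intf == interface and addr in net]
    if not hits:
        return None
    return str(max(hits, key=lambda h: h[0])[1])

if __name__ == "__main__":
    table = parse_mappings(SAMPLE)
    for host in ("192.168.31.4", "192.168.31.77", "10.0.0.1"):
        print(host, "->", apparent_ip(table, "en0", host))
```

A client that resolves to None is covered by no mapping on that interface, which is worth confirming against the intended address plan.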