Where is the nat policy configured in KAMIKAZE... I need to turn off the hide nat for the internal network and have the abilitiy to create static nat's and no-nat rules...

I only know the very basic's of IP tables but I can not find any statements that look like they define a rule saying
Src----Dest-----Service----TranslatedSrc---TransDest---TransService

I dont see anything in relation to NAT in /etc/config/firewall

maybe its configured in /etc/firewall.user and I just dont know how to write the rule...... ????? or in /etc/init.d/firewall??????

I have my netscreen infront of the linksys and the netscreen has a site to site VPN to a friends house but the way I configured my local encryption domain on it will require me to have a static for ip's I want to push over the VPN

plus it makes me crazy that its natting everything to the external ip... it makes it a bit hard to create firewall rules when everything has the same IP address

I found how to disable it in DDWRT in the GUI but now with OpenWRT I cant find where to disable it...

I was thinking of using Firewall Builder which looks to work just like the Checkpoint GUI... but thats sorta cheating

Yes, NAT (MASQUERADE) is setup in /etc/init.d/firewall (/etc/rc.d/S45firewall).

To disable NAT try 'uci set network.lan.nat=0; uci commit; /etc/init.d/firewall restart'.

Hope this helps,
Charlie

In /etc/config/firewall (in trunk /etc/firewall.config). Also look at /etc/init.d/firewall.

The firewall can't be configured using UCI.