Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 13 Apr 2001 22:21:23 -0500
From:      "Ryan VanMiddlesworth" <>
To:        "Mark Woodson" <>
Cc:        <>
Subject:   Re: IPNAT not working with SOME websites
Message-ID:  <000001c0c675$cd1eb970$0401010a@RYANVM5300>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

----- Original Message -----
From: "Mark Woodson" <>
To: "Ryan VanMiddlesworth" <>
Cc: <>
Sent: Friday, April 13, 2001 10:10 AM
Subject: Re: IPNAT not working with SOME websites

> At 10:59 AM 4/11/2001 -0500, Ryan VanMiddlesworth wrote:
> >I have a dedicated Internet connection to a particular box running
> >4.2-STABLE that serves as a gateway.  The box has two NICs - one to the
> >Internet ( and the other to my internal network
> >(  I have setup ipfilter and am using ipnat to masquerade
> > addresses as the
> [snipped]
> >Here are my ipnat rules:
> >   map ed0 -> proxy port ftp ftp/tcp
> >   map ed0 -> portmap tcp/udp 10000:40000
> >   map ed0 ->
> >
> >So, what am I doing wrong?  I've setup masquerading on Linux a million
> >(using ipchains) and I've never had any problems like this.  I'm am
> >certain it must be something I'm doing, just because it's such an easily
> >reproducible problem that I can't believe no one has ever seen (and
> >it.
> Are you sure it's not your filter rules?  That sounds much more like
> got something confused with your filter.  Have you tried commenting out
> everything and just putting "pass in all" and "pass out all" to see if
> fixes it?  If it does then just add the rules back in one at a time until
> you find out which one it is that's breaking it.  Your NAT rules don't
> like there's an error in them to me.

No, I've set ipf's rules to pass everthing and that doesn't help at all.
I've really trimmed the configuration down to the bare minimum to simplify
things and it still doesn't work properly.


To Unsubscribe: send mail to
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <$cd1eb970$0401010a>