On Tue, Dec 04, 2001 at 09:18:08PM +0100, Arjan de Vet wrote:
> In article <[EMAIL PROTECTED]> you write:
> ># allow everything to the another building
> >add allow ip from any to 172.27.40.0/23
> >add divert natd ip from any to any via xl0
> >add allow ip from any to any
> 
> I'm not familiar with natd but I guess this means that traffic towards
> 172.27.40.0/23 should not be NATted but the rest should.
yup... exactly!

> >-- ipnat.rules --
> >map xl0 172.27.0.0/23 -> x.x.x.x/32 proxy port ftp ftp/tcp
> >map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32
> 
> Try something like this:
> 
> map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0 proxy port ftp ftp/tcp
> map xl0 from 172.27.0.0/23 to 172.27.40.0/23 -> 0/0
> map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32 proxy port ftp ftp/tcp
> map xl0 from 172.27.0.0/23 to any -> x.x.x.x/32
> 
> 0/0 is a special directive to indicate that no NAT-ing should take place
> (0/32 is shorthand for the current IP address of the xl0 interface,
> useful if that address is obtained via DHCP).
nice.. had no idea about that (does it say that in the documentation?).

unfortunately it still doesn't work :(

for instance... telnet x.x.x.x 25 works from 172.27.40.123 but telnet
172.27.0.1 25 doesn't :(

> The first two rules say that traffic from 172.27.0.0/23 towards
> 172.27.40.0/23 should not be natted (but the kernel ftp proxy is still
> used in this case). The rest will be NAT-ed to x.x.x.x.
> >-- rc.conf --
> >ipfilter_enable="YES"
> >ipfilter_program="/sbin/ipf -Fa -f"
> >ipfilter_flags=""
> >ipfilter_rules="/etc/ipf.rules"
> >ipnat_enable="YES"
> >ipnat_program="/sbin/ipnat -CF -f"
> >ipnat_rules="/etc/ipnat.rules"
> >ipmon_enable="YES"
> >ipmon_program="/sbin/ipmon"
> >ipmon_flags="-Ds"
> You only need the _enable variables here.
I know. I provided the output for you guys just in case ...

Best regards,
veedee.
