OK, great. Since I have the internet on the same interface, but on the primary IP instead, would enabling ARP PROXY not fill the ARP table with every host on the internet that tries to contact the gateway?
Are you using a default route? If yes, only the default router's MAC is used for every external IP.
I just changed my ipnat rule to:
No NAT is needed.
I just tried this, but unfortunately, the same thing happens as with ipfilter:
The primary address of the interface ed0 on the gateway (the public address) is used to forward the arp request.
Taken from a dump on the gateway, when attempting telnet:
Incoming on rl0:
03:35:05.867883 192.168.0.2.1511 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]
Outgoing on ed0:
03:35:05.868333 195.0.0.1.15009 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344 <mss 1460> (DF) [tos 0x10]
Just allow 192.168.0.2 <-> 192.168.2.2 flow directly,
not via NAT
map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32
map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32 portmap tcp/udp 15000:19999
And this is now working. Thanks a bunch! ;-)
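
Added example, not part of the original thread: a Python check of which flows the final rule translates, plus a scan of the two dump lines quoted above for packets that leave the external interface toward an internal destination with a translated source. It handles only the `from ... ! to ...` rule form shown in the thread; the function names and the 203.0.113.10 test address used with it are constructed for illustration.

```python
import ipaddress
import re

# Rule and dump lines copied from the thread.
RULE = "map ed0 from 192.168.0.0/24 ! to 192.168.0.0/16 -> 0/32"
RL0_LINE = "03:35:05.867883 192.168.0.2.1511 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344"
ED0_LINE = "03:35:05.868333 195.0.0.1.15009 > 192.168.2.2.23: S 1377718084:1377718084(0) win 57344"

RULE_RE = re.compile(r"map\s+(\S+)\s+from\s+(\S+)\s+(!\s*)?to\s+(\S+)\s+->")
# tcpdump format as quoted in the thread: "time src.port > dst.port: ..."
DUMP_RE = re.compile(r"^\S+\s+(\d+(?:\.\d+){3})\.\d+\s+>\s+(\d+(?:\.\d+){3})\.\d+:")


def parse_rule(text):
    """Parse 'map IF from SRC [!] to DST -> ...' into its match fields."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError("unsupported rule form: " + text)
    iface, src, neg, dst = m.groups()
    return {"iface": iface, "src": ipaddress.ip_network(src),
            "dst": ipaddress.ip_network(dst), "negate_dst": bool(neg)}


def is_translated(rule, src, dst):
    """True if a packet src -> dst matches the rule and gets its source rewritten."""
    src_ok = ipaddress.ip_address(src) in rule["src"]
    dst_in = ipaddress.ip_address(dst) in rule["dst"]
    # With '!' the destination must be outside the network, otherwise inside it.
    return src_ok and (dst_in != rule["negate_dst"])


def nat_leaks(dump_lines, inside_net):
    """Packets whose destination is inside but whose source is not:
    internal traffic that was NATed before leaving the interface."""
    inside = ipaddress.ip_network(inside_net)
    leaks = []
    for line in dump_lines:
        m = DUMP_RE.match(line)
        if not m:
            continue
        src, dst = (ipaddress.ip_address(g) for g in m.groups())
        if dst in inside and src not in inside:
            leaks.append((str(src), str(dst)))
    return leaks


if __name__ == "__main__":
    rule = parse_rule(RULE)
    print(is_translated(rule, "192.168.0.2", "192.168.2.2"))
    print(nat_leaks([RL0_LINE, ED0_LINE], "192.168.0.0/16"))
```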