Greg,
My guess would be to look at rule 00800. I suspect that the network that
you are having problems with is on BGE0. NAT and keep-state do not play
well with each other.
Jason
On Sun, November 4, 2007 4:14 pm, [EMAIL PROTECTED] wrote:
> Hmm, I may well be missing something very obvious but
Did you try a check_state? I am using this same rule structure on BSD6
without a problem.
Thanks,
Jason
http://jasonlewis.yaritz.net
> Freddie Cash wrote:
>> On Thu, Oct 1, 2009 at 2:28 PM, Chris St Denis wrote:
>>
>>
>>> Haven't gotten any response on -questions so trying here. I've also
>>> o
The possible issue is is that once NAT changes the IP address and
possibly the port number, state tracking can no longer be applied.
AKA, the packet headers before the NAT is different than the packet
headers after. This is why NAT needs to track the state instead of
ipfw.
Folks have said that IPv6 does not support NAT, so I believe they will
not be putting it into IPFW. I do know that pf has supported IPv6 NAT
or NAT6 since 2006 and it has been working great for me for more than
five years.
On 4/30/16, Georgios Amanakis via freebsd-ipfw wrote:
> Does anyone know
