Re: nat problems when using address pool

2005-09-21 Thread Chris Smith
Just an update. It seems source-hash, for whatever reason, simply doesn't work for me. I did find an older post that exhibits a similar issue: http://www.monkey.org/openbsd/archive/bugs/0403/msg00211.html Round-robin works fine, but source-hash will always leave some systems blind to the Inter

Re: nat problems when using address pool

2005-09-19 Thread Chris Smith
Still no go. I added the "inet" keyword but still cannot use an address pool for nat. Some users will get timeouts and others will run fine. Oddly, if I reload the rules (pfctl -f /etc/pf.conf) different users will be affected, some that were previously working will stop and those who weren't wo

Re: nat problems when using address pool

2005-09-16 Thread Chris Smith
On Friday 16 September 2005 04:13 pm, Ryan Puckett wrote:
> In my experience, any protocols where the server will generate a
> separate connection back to the client (like ftp) will not work with
> NAT pools.

Even passive ftp?

> nat on $ext_if inet from to any port
> $NATPoolPortsTCP -> $natpool

Re: nat problems when using address pool

2005-09-16 Thread Chris Smith
On Friday 16 September 2005 04:20 pm, Raymond Lillard wrote:
> First off, it's a bad idea to broadcast your real IP numbers
> in a public place.

I had always thought that but then I read this article: http://homepages.tesco.net/~J.deBoynePollard/FGA/dont-obscure-your-dns-data.html It seems to mak

Re: nat problems when using address pool

2005-09-16 Thread Raymond Lillard
Chris Smith wrote:

OpenBSD 3.7

Some hosts will experience poor to seemingly no Internet access when using NAT address pools - web sites time out, even pings to remote addresses fail.

Using: nat on $ext_if from !$ext_if -> $ext_if:0 works fine.

Using: nat on $ext_if from !$ext_if -> $ext_if

Re: nat problems when using address pool

2005-09-16 Thread Ryan Puckett
Granted I'm running 3.6 but I have a setup very similar to yours. The external NATs of the servers are not in the natpool30 (1.2.3.0/30) network. In my experience, any protocols where the server will generate a separate connection back to the client (like ftp) will not work with NAT pools. #Port N

nat problems when using address pool

2005-09-16 Thread Chris Smith
OpenBSD 3.7

Some hosts will experience poor to seemingly no Internet access when using NAT address pools - web sites time out, even pings to remote addresses fail.

Using: nat on $ext_if from !$ext_if -> $ext_if:0 works fine.

Using: nat on $ext_if from !$ext_if -> $ext_if or nat on $ext_if from