From: Tony Landells
To: "greg"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: NAT and keep-state issue.
Date: Thu, 22 Feb 2001 10:52:10 +1100
Message-Id: <200102212352.KAA29610@tungsten.austclear.com.au>
In-Reply-To: Message from "greg" of "Wed, 21 Feb 2001 18:35:54 -0800."

>
> Just another thought on that Tony,
>
> I think I read somewhere that if there is not a 'check-state' rule,
> the dynamic rules would be checked at the first instance of "keep-state".
> Is this your understanding too?

Yes, but the problem is that if the natd on fxp0 is hiding internal
addresses as 222.222.222.222, you need to do a check-state on the
incoming packets before they hit natd again and are translated back
to the internal addresses.

Perhaps you should provide the arguments to natd, and some example
of the logging you're getting from ipfw?

Tony
--
Tony Landells
Senior Network Engineer
Ph:  +61 3 9677 9319
Fax: +61 3 9677 9355
Australian Clearing Services Pty Ltd
Level 4, Rialto North Tower
525 Collins Street
Melbourne VIC 3000
Australia
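An added example, not part of the original message: a simplified Python model (not ipfw or natd code) of the state lookup described in the reply above. The internal and remote addresses, the ports, and the assumption that keep-state recorded the flow after natd had rewritten the source address are constructed for illustration.

```python
# Simplified model of dynamic-rule lookup around natd; not ipfw or natd code.
PUBLIC = "222.222.222.222"   # alias address quoted in the thread
INTERNAL = "192.168.1.10"    # constructed internal host
REMOTE = "198.51.100.7"      # constructed remote host


def flow_key(pkt):
    """A dynamic rule matches the flow in either direction."""
    return frozenset([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])


class Natd:
    """Address-only translation; port remapping is left out (assumption)."""

    def __init__(self, alias):
        self.alias = alias
        self.table = {}

    def outbound(self, pkt):
        self.table[(pkt["sport"], pkt["dst"], pkt["dport"])] = pkt["src"]
        return dict(pkt, src=self.alias)

    def inbound(self, pkt):
        inside = self.table.get((pkt["dport"], pkt["src"], pkt["sport"]))
        return dict(pkt, dst=inside) if inside else pkt


def reply_lookup(check_state_before_natd):
    """Return (dynamic rule matched?, destination after natd) for a reply."""
    natd, dynamic = Natd(PUBLIC), set()
    # Assumed outbound path: natd rewrites the source, then keep-state
    # records the flow, so the state holds the public address.
    out = natd.outbound({"src": INTERNAL, "sport": 40000, "dst": REMOTE, "dport": 80})
    dynamic.add(flow_key(out))
    reply = {"src": REMOTE, "sport": 80, "dst": PUBLIC, "dport": 40000}
    if check_state_before_natd:
        matched = flow_key(reply) in dynamic      # still addressed to PUBLIC
        reply = natd.inbound(reply)
    else:
        reply = natd.inbound(reply)               # now addressed to INTERNAL
        matched = flow_key(reply) in dynamic
    # Only the lookup result is modelled; what ipfw does after a match
    # depends on the action of the rule that created the state.
    return matched, reply["dst"]


if __name__ == "__main__":
    for first in (True, False):
        print("check-state before natd:", first, "->", reply_lookup(first))
```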