Date: Mon, 9 Sep 2002 19:39:13 UT
From: "Cherie Powell"
To: freebsd-questions@FreeBSD.org
Subject: Re: One way cable modem/ipfilter
Message-Id: <20020909193913.32932937E4@server2.fastmail.fm>

On Mon, 9 Sep 2002 22:09:37 +0000, "D. Penev" said:
> According to your explanation I suppose that you use ppp -nat to make
> address translation of private ip's, that in this situation is not
> correct.
> Try to use ipnat(8) for ip translation.

I am doing exactly that.
Here's my rules:

    #ipnat -l
    List of active MAP/Redirect filters:
    map tun0 10.8.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
    map tun0 10.8.0.0/24 -> 0.0.0.0/32

As I said before, it (the firewall) just doesn't seem to know what to do
with the packets when it gets them back through vx0.

Someone here at work told me it might work to create a loopback interface
and forward all the packets through that. (I'm assuming he means
xl0 -> lo0 -> tun0 and vx0 -> lo0 -> xl0.) He couldn't tell me how exactly
to do that, though.

I don't suppose any of this prompts any further suggestions? :-)

Cherie