I finally (after about 4 hours of hitting 
my head on the wall) figured it out.

Simple really.  I am running 'natd' on FreeBSD 4.1 ...  The _out_going_
active connection is mapped to the masquerading IP of the box!  I have
a setup where a box has 5 IPs on it and maps IPs for about
20 people behind the firewall.
        
I added a new rule to my firewall (before the divert rule) which 'fixes'
the problem (rule #00090):

 00090  4  705 allow tcp from any 20 to any out xmit ed0
 00099 15 2937 divert 8668 ip from any to any via ed0

This rule lets anything from the FTP port out via my outside interface.

BTW, FreeBSD must have changed the way ipfw works, 'cause I was having no
problems a couple of months ago.  I don't *think* that aliased IPs were
affected by the divert rule in 4.0.  (I don't think they should be
either! Only traffic from my second interface, ed1, should get rewritten
by natd.)


Rudy
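The fix above relies on ipfw's first-match semantics: a packet is handled by the first rule in numeric order that matches it, so an `allow` placed before the `divert` keeps the matching traffic away from natd entirely. The following is an added illustration, not code from the post or from FreeBSD: a small Python model of the two rules shown above, evaluated against constructed packets (RFC 5737 documentation addresses). It parses the `ipfw show` listing as posted, implements only the syntax those two lines use (`allow`/`divert`, `from`/`to` with an optional source or destination port, `in`/`out`, and `via`/`xmit`/`recv`), and shows which rule each packet hits and how swapping the order changes the outcome.

```python
from dataclasses import dataclass
from typing import List, Optional

# The two rules from the post, exactly as shown by `ipfw show`
# (columns: rule number, packet counter, byte counter, rule body).
IPFW_LISTING = """\
00090  4  705 allow tcp from any 20 to any out xmit ed0
00099 15 2937 divert 8668 ip from any to any via ed0
"""


@dataclass
class Rule:
    number: int
    action: str                 # "allow" or "divert <port>"
    proto: str                  # "tcp", "udp", or "ip" (ip matches any protocol)
    src: str                    # address or "any"
    sport: Optional[int]        # None means any source port
    dst: str
    dport: Optional[int]
    direction: Optional[str]    # "in", "out", or None (either)
    iface_kw: Optional[str]     # "via", "xmit", "recv", or None
    iface: Optional[str]


@dataclass
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str              # "in" or "out"
    iface: str                  # interface the packet is received on / sent out of


def parse_rule(line: str) -> Rule:
    """Parse one `ipfw show` line covering the subset of syntax used in the post."""
    t = line.split()
    number = int(t[0])
    i = 3                       # skip the packet and byte counters
    action = t[i]; i += 1
    if action == "divert":      # divert takes a socket port argument
        action = f"divert {t[i]}"; i += 1
    proto = t[i]; i += 1
    assert t[i] == "from"; i += 1
    src = t[i]; i += 1
    sport = None
    if t[i].isdigit():
        sport = int(t[i]); i += 1
    assert t[i] == "to"; i += 1
    dst = t[i]; i += 1
    dport = None
    if i < len(t) and t[i].isdigit():
        dport = int(t[i]); i += 1
    direction = None
    if i < len(t) and t[i] in ("in", "out"):
        direction = t[i]; i += 1
    iface_kw = iface = None
    if i < len(t) and t[i] in ("via", "xmit", "recv"):
        iface_kw, iface = t[i], t[i + 1]; i += 2
    return Rule(number, action, proto, src, sport, dst, dport, direction, iface_kw, iface)


def load_rules(listing: str) -> List[Rule]:
    return [parse_rule(l) for l in listing.splitlines() if l.strip()]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.sport is not None and rule.sport != pkt.sport:
        return False
    if rule.dst != "any" and rule.dst != pkt.dst:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.direction is not None and rule.direction != pkt.direction:
        return False
    if rule.iface_kw == "via" and rule.iface != pkt.iface:
        return False
    if rule.iface_kw == "xmit" and not (pkt.direction == "out" and rule.iface == pkt.iface):
        return False
    if rule.iface_kw == "recv" and not (pkt.direction == "in" and rule.iface == pkt.iface):
        return False
    return True


def first_match(rules: List[Rule], pkt: Packet) -> Optional[Rule]:
    """ipfw semantics: the first rule (in listing order) that matches decides.
    Returns None if nothing matches (real ipfw would fall through to rule 65535)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule
    return None


# Constructed sample traffic. 203.0.113.10 stands in for one of the box's
# aliased IPs running the FTP server; 198.51.100.7 is a remote client.
FTP_DATA_OUT = Packet("tcp", "203.0.113.10", 20, "198.51.100.7", 1234, "out", "ed0")
WEB_OUT      = Packet("tcp", "203.0.113.10", 1025, "198.51.100.7", 80, "out", "ed0")
FTP_DATA_IN  = Packet("tcp", "198.51.100.7", 20, "203.0.113.10", 1234, "in", "ed0")

if __name__ == "__main__":
    rules = load_rules(IPFW_LISTING)
    for name, pkt in [("FTP data out", FTP_DATA_OUT), ("web out", WEB_OUT), ("port-20 in", FTP_DATA_IN)]:
        hit = first_match(rules, pkt)
        print(f"{name:12s} -> rule {hit.number:05d} {hit.action}")
    # With the order reversed the divert rule wins and natd rewrites the FTP data connection.
    print("reversed      ->", first_match(list(reversed(rules)), FTP_DATA_OUT).number)
```

Two things the model makes visible: `xmit ed0` combined with `out` means inbound port-20 traffic on ed0 still reaches the divert rule, so only the server's outgoing data connections skip natd; and rule 90 matches on the source port alone, so any outbound TCP segment with source port 20, from any host forwarded through the box, bypasses NAT as well. A rule restricted to the aliased server addresses (`from <alias-ip> 20` instead of `from any 20`) would give the same fix with a narrower exception.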


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
