On Wed, Dec 20, 2000 at 09:57:18AM -0800, Luigi Rizzo wrote:
> > Currently I'm trying to move towards a stateful packet filter. When testing
> > without nat all seems to work fine. But when I added natd (as the first
> > rule) packets that were natd-ed on their way out had their return traffic
> > blocked. The question is, what am I doing wrong?!?
> 
> nat changes addresses and then reinjects packets in the firewall.
> Chances are that there is no dynamic rule matching the
> packet after the translation.

This is what I know; the problem is how to nat at the right time. I played
with two natting rules, one for incoming and one for outgoing traffic (to the
same nat process) but I didn't get it working. This made me think that there
should be a simple solution to this problem.

-- 
Rene de Vries                        http://www.tcja.nl mailto:[EMAIL PROTECTED]
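
The mismatch described in the quoted reply, as an added example that is not part of the original message: a toy Python model of a rule walk in which the NAT step rewrites the packet before the state rules see it. The rule names, addresses and the second ordering (`NAT_AROUND_STATE`) are assumptions made for illustration; this is not ipfw syntax or a tested ipfw ruleset.

```python
# Toy model, not ipfw syntax: rule names and addresses are constructed.
INSIDE, PUBLIC, REMOTE = "192.168.1.10", "203.0.113.5", "198.51.100.7"

def nat(pkt, direction):
    """natd-like rewrite: source on the way out, destination on the way in."""
    src, sport, dst, dport = pkt
    if direction == "out" and src == INSIDE:
        return (PUBLIC, sport, dst, dport)
    if direction == "in" and dst == PUBLIC:
        return (src, sport, INSIDE, dport)
    return pkt

def flow_key(pkt):
    """A dynamic rule matches both directions, so the key ignores direction."""
    src, sport, dst, dport = pkt
    return frozenset([(src, sport), (dst, dport)])

def run(ruleset, pkt, direction, states):
    """Walk rules in order; return the packet as forwarded, or None if denied."""
    accepted = False
    for action, only in ruleset:
        if only not in (None, direction):
            continue
        if action == "nat":
            pkt = nat(pkt, direction)      # later rules see the rewritten packet
        elif accepted:
            continue
        elif action == "check-state":
            accepted = flow_key(pkt) in states
        elif action == "keep-state":
            states.add(flow_key(pkt))      # state records the addresses seen here
            accepted = True
    return pkt if accepted else None       # default deny

# NAT as the first rule: state is created on PUBLIC, replies are checked on INSIDE.
NAT_FIRST = [("nat", None), ("check-state", None), ("keep-state", "out")]
# Assumed alternative: un-NAT inbound before the state check, NAT outbound after it.
NAT_AROUND_STATE = [("nat", "in"), ("check-state", None),
                    ("keep-state", "out"), ("nat", "out")]

def replay(ruleset):
    """One outbound packet and its reply through a ruleset with fresh state."""
    states = set()
    out = run(ruleset, (INSIDE, 1025, REMOTE, 80), "out", states)
    back = run(ruleset, (REMOTE, 80, PUBLIC, 1025), "in", states)
    return out, back

if __name__ == "__main__":
    print("nat first:       ", replay(NAT_FIRST))
    print("nat around state:", replay(NAT_AROUND_STATE))
```

In the first ordering the reply is dropped because the dynamic state was keyed on the translated source while the reply is checked after its destination has been translated back; in the second, both directions are compared in the inside address space.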

