In some email I received from Victor Duchovni, sie wrote: > The rules generally look like: > > map iIF from any to dIP/32 -> 0.0.0.0/32 portmap tcp auto
Instead, try: map iIF from any to dIP/32 -> 0.0.0.0/32 portmap tcp 1025:65535 > Is there a better way to define "pseudo-plugs" (for a single source > IP)? Perhaps the rules should always NAT all client, but permit access > to only the intended client? I think that is definately worth doing. Darren
