Since there has been no reply to my four mails from August 16-19, here
is a summary again.
I always liked IPF because of its well-functioning FTP proxy and had
3.4.x (finally, 3.4.35) running for years on a Solaris 7_x86 PC with
two interfaces (routing). This was replaced by a Solaris 9 SunFire V210
(64 bit only), with IPF 3.4.35 compiled on it and the same configuration
as on the PC. Then with FTP proxy rules in ipnat.conf, IPF did not pass any
FTP-related packets (not even those of the control connection) to the other
interface, as verified by snoop. But they were not logged as blocked by
any rule, and ipnat -l shows the correct mapping. This happens only for
connections *through* the firewall, whereas the FTP proxy works for
connections from the firewall machine itself to the outer net. Also,
no-proxy NAT works correctly through the firewall.
For more details, see my former mails.
Any ideas? Experimenting is difficult for me, since this is a busy
firewall of an institute.