All: I have a SPARC/Solaris 9 box currently set up doing NAT and filtering using 3.4.33pre2, and all is working well.
I have another SPARC/Solaris 9 box which I'm trying to do the same thing with, but using 3.4.35, and it appears that NAT isn't working for some reason. Relevant ipf rules: @12 pass out quick on bge0 from 216.27.180.3/32 to any @19 block out log quick on bge0 from any to any The ipnat.conf file looks like: map bge0 192.168.12.0/24 -> 216.27.180.3/32 proxy port ftp ftp/tcp map bge0 192.168.12.0/24 -> 216.27.180.3/32 portmap tcp/udp 40000:60000 map bge0 192.168.12.0/24 -> 216.27.180.3/32 The NAT seems to not be happening before the filtering, because I'm getting: Mar 3 01:49:31 guinness ipmon[111]: [ID 702911 local0.warning] 01:49:31.735297 bge0 @0:19 b 192.168.12.11,49262 -> 216.38.80.20,80 PR tcp len 20 60 -S OUT errors when trying to get out from a machine using the new SPARC box as its default router. On the SPARC box, there are no NAT:MAP messages being generated, either. So, it's like the whole NAT step is being skipped somehow... Some notes: I tried using 3.4.33pre2 on the new SPARC box, and that didn't change anything. I've double-checked to make sure ip forwarding is enabled, restarted ipf repeatedly, etc. I *have* to be missing something stupid... :-/ -- Paul H. Yoshimune [EMAIL PROTECTED]
