Dear IP Filter experts!

I've just installed IP Filter ver.3.4.32 on my SunOS 5.8 SPARC9
(64bit kernel) machine but it didn't work well.
Can anyone help me with my problems?
I've searched over the mailing-list archives and also the Internet,
but couldn't find anything the same as mine.

My network layout is:

                         211.XX.XX.84
                               --------------------------
INTERNET---INTRANET-----------|dmfe0  NAT BOX(SunOS 5.8) |
       (211.XX.XX.0/24)       |            dmfe1         |
                               --------------------------
                         211.XX.XX.80        | 192.168.99.1
                         211.XX.XX.81        |
                                             |
                                             | 192.168.99.0/24
                                        Private Network

These are my ipf rules:

pass in all
pass out all

My ipnat rules:

# S-NAT
bimap dmfe0 192.168.99.2/32 -> 211.XX.XX.80/32
# map for Nat box itself, dont know if required
map dmfe0 192.168.99.1/32 -> 211.XX.XX.84/32
# D-NAT
map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32 proxy port ftp ftp/tcp
map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32 portmap tcp/udp 10000:40000
map dmfe0 192.168.99.0/24 -> 211.XX.XX.83/32

I used pseudo network interfaces to configure 211.XX.XX.80,81 on
dmfe0.

It goes well with ICMP frames, such as ping and traceroute, from both
internal and external hosts. I can even access web sites from
hosts in my private network, though at a rather slow speed, and
sometimes data transmission seems endless.

But when I tried to telnet or ftp to a host in the intranet, i.e.
211.XX.XX.62, from an internal host, i.e. 192.168.99.2, I couldn't.
Below are the messages I got:

192.168.99.2$ telnet 211.XX.XX.62
Trying 211.XX.XX.62...
Connected to 211.XX.XX.63.
Escape character is '^]'.
Connection closed by foreign host.
192.168.99.2$

Sometimes I could get further: the remote telnet server asked for a
username and password, but after I entered my password for 211.XX.XX.62,
nothing happened. Then I pressed the Enter key and the message "Connection
closed by foreign host." was displayed again.

The same happened when telnet/ftp-ing to a NAT'd host from another host
in the intranet (I've not tried from a host outside the intranet yet).


I used tcpdump to trace the packet flow and found that after the
NAT box correctly completed the SYN, SYN/ACK, ACK handshake between the
internal host and the external host, some data was transmitted,
then all of a sudden a packet with the RST flag was sent from the NAT
box to the external host, which closed the connection.

I don't know why and how to fix this problem. So please help. 
It's urgent!!! 
Any advice will be appreciated.

Thanks,
Jennie
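As an added example (not part of Jennie's post), a small Python audit of an ipnat.conf fragment modelled on the rules above: it parses the map/bimap lines and lists rules on the same interface whose source ranges overlap, since ipnat matches rules in file order. The 211.XX.XX.* addresses are masked in the post, so the constructed sample uses the 203.0.113.0/24 documentation range in their place.

```python
# Constructed audit of an ipnat.conf fragment modelled on the post above;
# the masked 211.XX.XX.* addresses are replaced by the 203.0.113.0/24
# documentation range.  ipnat matches map/bimap rules in file order, so a
# later rule whose source range overlaps an earlier one may be shadowed.
import ipaddress
import re

RULE_RE = re.compile(
    r"^(?P<kind>map|bimap)\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+(?P<opts>.*))?$")

def parse_ipnat(text):
    """Return one dict per map/bimap rule; '#' comments and blank lines
    are skipped, anything else is rejected so typos do not go unnoticed."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised rule: {raw!r}")
        rules.append({"line": lineno, "kind": m["kind"], "ifname": m["ifname"],
                      "src": ipaddress.ip_network(m["src"], strict=False),
                      "dst": ipaddress.ip_network(m["dst"], strict=False),
                      "opts": (m["opts"] or "").strip()})
    return rules

def find_overlaps(rules):
    """(earlier_line, later_line) pairs on the same interface whose source
    ranges overlap; each pair is a candidate for shadowing and needs review."""
    return [(a["line"], b["line"])
            for i, a in enumerate(rules) for b in rules[i + 1:]
            if a["ifname"] == b["ifname"] and a["src"].overlaps(b["src"])]

SAMPLE = """\
# S-NAT
bimap dmfe0 192.168.99.2/32 -> 203.0.113.80/32
map dmfe0 192.168.99.1/32 -> 203.0.113.84/32
# D-NAT
map dmfe0 192.168.99.0/24 -> 203.0.113.83/32 proxy port ftp ftp/tcp
map dmfe0 192.168.99.0/24 -> 203.0.113.83/32 portmap tcp/udp 10000:40000
map dmfe0 192.168.99.0/24 -> 203.0.113.83/32
"""

if __name__ == "__main__":
    for a, b in find_overlaps(parse_ipnat(SAMPLE)):
        print(f"line {b} overlaps earlier rule on line {a}")
```

An overlap is only a hint for review: an option such as `proxy port ftp ftp/tcp` narrows the earlier rule to one service, so not every overlapping later rule is actually shadowed.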
