> Well... as a matter of fact, I first chose ipfilter because one
> told me it was possible to use the "quick to" keyword that is
> equivalent to ipfw fwd...
Yes, it seems that my ipfilter knowledge is rusty too. I didn't know about the to: keyword construction. So,
> Oh well, I guess I'll have to try with ipfw then.
There's no need. You are just making fundamental errors here. You should construct Your rules in such a way that they match traffic INcoming on Your LAN interface, not traffic already outgoing on the outside interfaces (tun0/tun1).
So, if You have Your ipnat.rules:

    # ipnat.rules
    map tun1 192.168.0.120/24 -> 0/32
    map tun0 192.168.0.0/24 -> 0/32 proxy port ftp ftp/tcp
    map tun0 192.168.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
    map tun0 192.168.0.0/24 -> 0/32

Then You should have (fxp0 is the LAN interface, just as an example, 1.2.3.4 is the public IP address of tun0, and 5.6.7.8 is the public IP address of tun1):

    pass in quick on fxp0 to tun0:1.2.3.4 from 192.168.0.120 to any \
        keep state
    pass in quick on fxp0 to tun1:5.6.7.8 from 192.168.0.0/24 to any \
        keep state

I don't have time at the moment to verify it, but it should work. Can You check it? I'm curious too ;)

--
Łukasz Bromirski lbromirski:mr0vka,eu,org
