Greetings. I've got an internal network which I'm natting out on my external interface. I need it to not nat this range when connecting to a specific other range (vpn configured on the router).
Currently my rules look like this.

map ed1 from 192.1.0.0/24 to 192.0.0.0/8 -> 192.1.0.0/24 proxy port ftp ftp/tcp
map ed1 from 192.1.0.0/24 to 192.0.0.0/8 -> 192.1.0.0/24 portmap tcp 40000:60000
map ed1 from 192.1.0.0/24 to 192.0.0.0/8 -> 192.1.0.0/24
map ed1 192.1.0.0/24 -> 209.203.35.62/32 proxy port ftp ftp/tcp
map ed1 192.1.0.0/24 -> 209.203.35.62/32 portmap tcp 40000:60000
map ed1 192.1.0.0/24 -> 209.203.35.62/32

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This works ok when connecting to the other 192. lans. But when the other lans try to make an incoming connection, it passes through the firewall. The internal box responds but it doesn't seem to leave the external interface. Or it is leaving the interface but is getting natted ?!?!

If I flush all my nat rules, these connections work great. But then internet access is stuffed.

Any ideas what is going wrong here?

tx
e.
