andrew,
to help, we need to know a little more about your config.
see this ipf faq entry:
http://www.phildev.net/ipf/IPFmail.html#mail3

also, what does (as root)
# /usr/sbin/ndd /dev/ip ip_forwarding
report?

jim



Sandwich Maker wrote:
solaris 8 64 bit, ipfilter 3.4.35.

filtering has been working fine since i launched this machine last
november, though i've changed the rules a few times.  but now i want
to add nat so that a w98 notebook can share my [static ip] dialup, and
that -isn't- working.

the two systems talk to each other fine over my network.  when i try
to reach outside from the notebook, snoop sees outgoing packets and
replies but ipfstat -t sees nothing, and the notebook sees nothing
also.

# ipfstat -ion
@1 pass out on ipdptp0 proto tcp/udp from 0/32 to any keep state
@2 pass out on ipdptp0 proto icmp from 0/32 to any keep state
@1 block in log quick on ipdptp0 proto icmp from any to 0/32
@2 block in log quick from any to any with ipopt
@3 block in log quick proto tcp from any to any with short
@4 block in on ipdptp0 from any to any
@5 pass in on ipdptp0 proto tcp from 208.218.130.0/27 to 0/32 port = 25 flags S/FSRPAU keep state keep frags
@6 pass in on ipdptp0 proto tcp from any to 0/32 port > 32767 flags S/FSRPAU keep state keep frags head 100
@1 block in from 0.0.0.0/8 to any group 100
@2 block in from 10.0.0.0/8 to any group 100
@3 block in from 127.0.0.0/8 to any group 100
@4 block in from 169.154.0.0/16 to any group 100
@5 block in from 172.16.0.0/12 to any group 100
@6 block in from 192.0.2.0/24 to any group 100
@7 block in from 192.168.0.0/16 to any group 100
@8 block in from 0/32 to any group 100
@9 block in from 224.0.0.0/3 to any group 100

# ipnat -l
List of active MAP/Redirect filters:
map ipdptp0 10.0.0.0/8 -> 0/32 portmap tcp/udp auto
map ipdptp0 10.0.0.0/8 -> 0/32

i've also tried a couple of map proxies - ftp, raudio - but they
didn't make a difference.  neither did specifying port 32768:65535.

btw, i edited my external ip here to be 0/32 but i use my actual ip in
my rules.  as i said, it's static, so should be irrelevant...
________________________________________________________________________
Andrew Hay                                  the genius nature
internet rambler                            is to see what all have seen
[EMAIL PROTECTED]                       and think what none thought
