Murray Thomson wrote:
> I removed it from the one when I pulled the ipfilter 4.1.9. Still only
> returning some sites. I looked at it in ethereal over the ppp
> interface and saw that the router is returning an icmp message that
> says port unavailable.
>
> Sequence is this. PC operator asks for web page.
> PC makes DNS lookup request.
> Packet goes to server and gets translated.
> DNS responds
> Sun server receives packet and responds to DNS that port is not available.
> I still have to go back and test this but I believe that if the sun got
> to the web page before then it will nat OK.

Hmmm. So let me get this straight:

PC-------Sun------Internet
     ^        ^
 ethernet    sppp

1. PC -> Sun : DNS request
2. Sun -> DNS server : NAT'd DNS request (NAT works here?)
3. DNS Server -> Sun : DNS Response
4. Sun -> DNS Server: ICMP Port unreachable

?? I'd really like to see a packet dump of that. Also, I'm curious what
happens if the DNS server is inside the network, or if you browse by IP
and don't require DNS.

> When I was using 4.1.9 I didn't have the icmp errors but the thing just
> wouldn't translate.

But it translates in 3, right? It just gets the ICMP Port Unreachables?

Hmmm - wait, your ruleset... try just this:

    pass in quick on bge0 from any to any flags S keep state keep frags
    block in quick on sppp0 from any to any

And let me know how that goes.

-- 
Phil Dibowitz [EMAIL PROTECTED]
Freeware and Technical Pages    Insanity Palace of Metallica
http://www.phildev.net/         http://www.ipom.com/

"Be who you are and say what you feel, because those who mind don't
matter and those who matter don't mind."
 - Dr. Suess
