On Friday 16 September 2005 04:13 pm, Ryan Puckett wrote:
> In my experience, any protocols where the server will generate a
> separate connection back to the client (like ftp) will not work with
> NAT pools.
Even passive ftp?
> nat on $ext_if inet from <internal-subnets> to any port
> $NATPoolPortsTCP -> $natpool30 source-hash
Hmm... you may have something there. I didn't have the "inet" keyword,
which according to Jacek's book is required if the target address
expands to more than one address family. As posted earlier:
-------------------------------------------
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:07:e9:93:2b:50
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 66.100.28.130 netmask 0xfffffff0 broadcast 66.100.28.143
inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
inet 66.100.28.131 netmask 0xffffffff broadcast 66.100.28.131
inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.132
inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.133
...
inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.142
-------------------------------------------
Does the inet6 component, seemingly only tied to the primary address,
apply to the aliases (the upper half of the aliases form the pool) as
well?
Also, what happens to the other component? IOW, if the nat rule contains
inet, does IPv6 get dropped or just not natted? Or vice versa (if the
nat rule contains inet6)?
Thanks.
Chris