On Friday 16 September 2005 04:13 pm, Ryan Puckett wrote:
> In my experience, any protocols where the server will generate a
> separate connection back to the client (like ftp) will not work with
> NAT pools.

Even passive ftp?

> nat on $ext_if inet from <internal-subnets> to any port
> $NATPoolPortsTCP -> $natpool30 source-hash

Hmm...you may have something there. I didn't have the "inet" keyword, which according to Jacek's book is required if the target address expands to more than one address family. As posted earlier:

-------------------------------------------
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:07:e9:93:2b:50
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 66.100.28.130 netmask 0xfffffff0 broadcast 66.100.28.143
        inet6 fe80::207:e9ff:fe93:2b50%fxp0 prefixlen 64 scopeid 0x3
        inet 66.100.28.131 netmask 0xffffffff broadcast 66.100.28.131
        inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.132
        inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.133
        ...
        inet 66.100.28.132 netmask 0xffffffff broadcast 66.100.28.142
-------------------------------------------

Does the inet6 component, seemingly only tied to the primary address, apply to the aliases (the upper half of the aliases form the pool) as well?

Also what happens to the other component? IOW if the nat rule contains inet does ipv6 get dropped or just not natted? Or vice versa (if the nat rule contains inet6)?

Thanks.

Chris