After all that, I was still doing NAT wrong. I thank you, Norman! It works perfectly now, and it makes much more sense, as NAT must be done from lo0 too, out on the external IF.

2011/10/13 Norman Golisz <li...@zcat.de>:
> Hi Stefan,
>
> On Wed Oct 12 2011 14:59, Stefan Midjich wrote:
>> I must say that thanks to your help on this list I've finally managed
>> to get it working. I have bought FreeBSD CD sets in the past as a
>> means to donate and I intend to buy 5.0 sets now because I believe
>> strongly in open source software.
>
> really fine!
>
>> The only thing I have yet to solve is the ftp-proxy redirection. Here
>> is my current ruleset.
>
> Well, you defined this match for outgoing packets of vic2:
>
>> match out on vic2 inet from 10.221.181.10 to any nat-to (vic2) round-robin
>
> but allow the ftp-proxy to send packets from 127.0.0.1:
>
>> pass out inet proto tcp from 127.0.0.1 to any port = ftp flags S/SA keep state
>
> Hence, change the match rule to:
>
>> match out on vic2 inet all nat-to (vic2) round-robin
>
> Good luck,
> Norman
>

--
Med vänliga hälsningar / With kind regards
Stefan Midjich