On Thu, Mar 20, 2003 at 11:02:03AM -0800, Bryan Irvine wrote: > no nat on $WAN from $LAN to $DMZ > no nat on $WAN from $DMZ to $LAN > nat on $WAN inet from $LAN to any -> ($WAN) > nat on $WAN inet from $DMZ to any -> ($WAN)
Packets from $LAN to $DMZ and vice versa, never go across $WAN interface. Hence, "no nat on $WAN from $LAN to $DMZ" is bogus. It does nothing. Try, "no nat from $LAN to $DMZ" // haver
