On 07/04/2007 03:10:50 PM, Попов Игорь Николаевич  wrote:
Hi,
I have a router under OpenBSD; its main purpose is NAT.

Some rules from /etc/pf.conf:

#...
table <nat_addr>  const { 80.0.0.21 80.0.0.22 80.0.0.23 80.0.0.24 }
table <lan_addr>  const { 192.168.0.0/25 192.168.10.0/24 }

# NAT
nat pass on $ext_if inet tagged LAN_INET -> <nat_addr>  round-robin sticky-address

#...

# nat marker
pass  in  on $int_if inet from <lan_addr>  to !(self) keep state flags S/SA \
    tag LAN_INET queue q_traff

#...

There are 4 IP addresses (aliases) on $ext_if - the first is used for
controlling the router, the others are used for NAT.
And the question is how to make ftp-proxy work in this situation?
Both source addresses for control and data connections must be the
same - many FTP servers deny the data connection when the control
connection has another IP.

Where are you putting your nat-anchor and rdr-anchor anchors in
the config above?  I'm a bit tired but it seems to me that if
they go above your NAT section things should work.


Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein
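
The anchor placement suggested in the reply, written out as an added example (not from the original thread). It assumes ftp-proxy(8) is running on its default listener, 127.0.0.1 port 8021, and reuses the $ext_if/$int_if macros and the <nat_addr>/<lan_addr> tables from the post.

```pf
# Added example, not part of the original post.
# Assumption: ftp-proxy(8) listens on its default 127.0.0.1 port 8021.

# --- translation section ---------------------------------------------
# Translation rules are first-match, so the ftp-proxy anchors must be
# evaluated before the round-robin pool rule. Rules the proxy loads
# for each FTP session then win over the pool for that session's
# data connection.
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

# Hand FTP control connections from the LAN to the proxy.
rdr pass on $int_if inet proto tcp from <lan_addr> to any port 21 \
    -> 127.0.0.1 port 8021

# Pool NAT from the original post, unchanged, now after the anchors.
nat pass on $ext_if inet tagged LAN_INET -> <nat_addr> round-robin sticky-address

# --- filter section --------------------------------------------------
# Per-session pass rules inserted by ftp-proxy.
anchor "ftp-proxy/*"

# nat marker from the original post, unchanged.
pass in on $int_if inet from <lan_addr> to !(self) keep state flags S/SA \
    tag LAN_INET queue q_traff

# The rest of the ruleset (elided in the post) must also let the
# proxy's own outbound control connection to port 21 leave $ext_if.
```

After reloading, `pfctl -sn` shows the loaded translation rules in evaluation order, which confirms that both anchors sit above the pool rule.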
