Subject: Problems w/ first connection after DoD
To: None <current-users@netbsd.org>
From: Ingolf Koch <ingolf@knuut.de>
List: current-users
Date: 10/06/1999 23:14:48
Hi,

I am running i4b 0.83.0 on a current NetBSD/i386 machine
which acts as a router/firewall for my LAN. On this
machine, I use the following /etc/ipnat.conf:

map isp0 192.168.2.0/24 -> 0/32 proxy port ftp ftp/tcp
map isp0 192.168.2.0/24 -> 0/32 portmap tcp/udp 20000:30000
map isp0 192.168.2.0/24 -> 0/32
rdr isp0 0.0.0.0/0 port 21 -> 192.168.2.1 port 21 tcp

/etc/ipf.conf is empty.

The first connection (which causes a dialup to my ISP and
an assignment of a local IP address) from another host on
my side of the firewall always hangs.

Examples (use any program which causes IP traffic to the
Internet):

    % telnet -N a.b.c.d (dialup succeeds, telnet hangs)
    ^C
    % telnet -N a.b.c.d (succeeds)
    Trying a.b.c.d...
    Connected to a.b.c.d.

or

    % ping -n a.b.c.d   (dialup succeeds, no output)
    ^C
    % ping -n a.b.c.d   (succeeds)

I have used numerical IP addresses to avoid DNS lookups in this
case.

Using tcpdump on isp0 does not show any traffic caused by
the first call of telnet/ping/... besides some lcp(?)
messages during connection setup if the program was run
from within my LAN.

Running ping on the firewall itself works well.
telnet run from the firewall terminates with "Can't assign
requested address".

I think that it was similar when I was using pppd and a
modem instead of isdn4bsd.

Do I have to add more/other ipnat/ipf rules or what is
wrong here? If you need some ipmon output or so, just
let me know.

    Ingolf
-- 

Ingolf Koch                      Best pub in Jena-Ost
PGP: 0x7B3B5661  213C 828E 0C92 16B5  05D0 4D5B A324 EC04