Subject: Re: [Fwd: Re: kern/28651: NAT in pf slow with TCP]
To: Teemu Rinta-aho <teemu@rinta-aho.org>
From: Mipam <mipam@ibb.net>
List: current-users
Date: 12/21/2004 19:00:06

On Tue, 21 Dec 2004, Teemu Rinta-aho wrote:

> Thanks, but no matter how I write the rules and how minimal
> and unsophisticated I make the ruleset, it just doesn't work.
> 
> Could someone please tell me how these different filters
> locate in the stack (i.e. ipfilter, pf and tcpdump) for incoming
> and outgoing packets? What I noticed was that when I use
> ipfilter, with tcpdump I see packets going out with the IP
> source address of the external interface (NAT has taken
> place before tcpdump), while with pf I see source addresses
> not having been changed by NAT yet... Is the pf NAT broken or is the
> situation in the output something like this?

With ipf on outbound traffic it's first ipf, then ipnat.
About pf I'm not sure.
Anyway, nat on pf is working fine here, ftp-proxy also runs here.
Maybe show the rules you use to nat?
Bye,

Mipam.