Subject: Re: ipnat oddity
To: Quentin Garnier <cube@cubidou.net>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-help
Date: 03/04/2005 10:07:35
On Fri, Mar 04, 2005 at 10:49:42AM +0100, Quentin Garnier wrote:
> > It's that last part "redirect 192.168.205.130 to host 192.168.205.130" ?!
> 
> What does ifconfig vlan3 say on gw?  Seems that gw thinks 192.168.204 and
> 192.168.205 are on the same LAN segment.

They are on the same segment.. vlan3 is on 192.168.192/20 which includes
204 and 205. Does this matter though? It seems the redirect is fired, just
sideways..

> The last line is a bit weird I'd say.  I don't know how the stack keeps
> track of repeated redirect announces.
> 
> > ipnat.conf:
> > rdr vlan3 192.168.205.130/32 port 80 -> 192.168.0.130 port 80 tcp
> > rdr vlan3 192.168.205.130/32 port 443 -> 192.168.0.130 port 443 tcp
> > rdr vlan3 192.168.205.130/32 port 25 -> 192.168.0.130 port 25 tcp
> > rdr vlan3 192.168.205.143/32 port 143 -> 192.168.0.143 port 143 tcp
> > rdr vlan3 192.168.205.143/32 port 80 -> 192.168.0.143 port 80 tcp
> > rdr vlan3 192.168.205.143/32 port 443 -> 192.168.0.143 port 443 tcp
> > rdr vlan3 192.168.205.143/32 port 123 -> 192.168.0.143 port 123 tcp/udp
> > rdr vlan3 192.168.205.130/32 port 123 -> 192.168.0.130 port 123 tcp/udp
> 
> That looks fine.  Any oddities in ipf.conf?

Very simple..

pass out on vlan0 all
pass in on vlan0 all
pass out on vlan2 all
pass in on vlan2 all
pass out on vlan3 all
pass in on vlan3 all
pass out proto icmp all
pass in proto icmp all
pass out on lo0 all
pass in on lo0 all

(just in case... after finding that port = domain gives a "service not
found" error unless you also add a proto tcp/udp I pared it down somewhat..)

I have only just set this box up, so I don't know if this is specific to 4.1.6,
it's just the version I happen to be using..

Cheers,

Patrick
(In the meantime things are working with a nasty DNS hack instead..)
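The question Quentin raises above (does the prefix on vlan3 contain the address the rdr rules redirect?) can be checked mechanically rather than by eyeballing ifconfig output. The script below is an added example and not code from either poster or from the ipfilter project: it parses the subset of ipnat.conf rdr syntax used in the thread and reports every rdr whose external address falls inside the prefix of the interface the rule is bound to. The vlan3 prefix 192.168.192/20 is taken from the thread; the vlan0 prefix, the extra vlan0 rule, and the `parse_ipnat`/`same_segment_rdrs` names are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: three of the rdr lines quoted in the thread plus one
# made-up rule on vlan0 so the check has a negative case to show.
IPNAT_CONF = """\
# ipnat.conf (constructed sample for this example)
rdr vlan3 192.168.205.130/32 port 80 -> 192.168.0.130 port 80 tcp
rdr vlan3 192.168.205.130/32 port 443 -> 192.168.0.130 port 443 tcp
rdr vlan3 192.168.205.143/32 port 123 -> 192.168.0.143 port 123 tcp/udp
rdr vlan0 10.0.0.5/32 port 22 -> 192.168.0.5 port 22 tcp
"""

# Interface prefixes as 'ifconfig' would report them. vlan3 is the one the
# thread gives (192.168.192/20); the vlan0 prefix is an assumption.
IFACES = {
    "vlan3": ipaddress.ip_network("192.168.192.0/20"),
    "vlan0": ipaddress.ip_network("10.1.0.0/16"),
}

# Only the "rdr IF EXT/MASK port P -> INT port Q PROTO" form is handled;
# anything else is reported rather than silently skipped.
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<eport>\S+)\s*->\s*"
    r"(?P<int>\S+)\s+port\s+(?P<iport>\S+)\s+(?P<proto>\S+)\s*$"
)


@dataclass(frozen=True)
class Rdr:
    ifname: str
    ext: ipaddress.IPv4Network        # address/mask packets are sent to
    eport: str
    internal: ipaddress.IPv4Address   # where ipnat rewrites them to
    iport: str
    protos: tuple                     # ("tcp",), ("tcp", "udp"), ...


def parse_ipnat(text):
    """Parse rdr rules; comments and blank lines are ignored."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RDR_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unsupported rule: {line}")
        rules.append(Rdr(
            ifname=m["ifname"],
            ext=ipaddress.ip_network(m["ext"], strict=False),
            eport=m["eport"],
            internal=ipaddress.ip_address(m["int"]),
            iport=m["iport"],
            protos=tuple(m["proto"].split("/")),
        ))
    return rules


def same_segment_rdrs(rules, ifaces):
    """Return the rdr rules whose external address lies inside the prefix
    configured on the very interface the rule is bound to, i.e. the
    situation Quentin asked about: gw and the redirected address share a
    LAN segment, so hosts on that segment may never route via gw at all."""
    hits = []
    for r in rules:
        net = ifaces.get(r.ifname)
        if net is not None and r.ext.subnet_of(net):
            hits.append(r)
    return hits


def report(rules, ifaces):
    """Human-readable lines, one per flagged rule."""
    return [
        f"{r.ifname}: {r.ext} is inside {ifaces[r.ifname]} "
        f"(rdr -> {r.internal} port {r.iport} {'/'.join(r.protos)})"
        for r in same_segment_rdrs(rules, ifaces)
    ]


if __name__ == "__main__":
    for line in report(parse_ipnat(IPNAT_CONF), IFACES):
        print(line)
```

Run against a real box, replace `IPNAT_CONF` with the contents of /etc/ipnat.conf and fill `IFACES` from ifconfig; each line printed names a redirect whose "external" address is on the same segment as the interface, which is exactly the case worth looking at first when a redirect behaves oddly.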