Jan,

I was careless in typing this rule (and a bit lazy).  The map rule is in 
fact:

map le0 10.1.1.0/24 -> 0/32

I also had a rule:

map le0 10.1.1.0/24 -> 0/32 portmap 10000:40000

Which was first, but I have it hashed out now.

Sorry, I should have been more careful when I retyped that.

If I do an NVRAM update, I can probably set the eeprom flag to make 
these unique, but I need to run Solaris for that I think.

Oh well.  I don't think that's my problem though, as you say.

Cheers,

rgr

Jan Schaumann wrote:

>"Richard G. Roberto" <rich@dedlegend.com> wrote:
>
>>I created an empty /etc/ipf.conf file, and an
>>/etc/ipnat.conf that looks like this:
>>
>>map 10.1.1.0/24 -> 0/32
>>
>>The trouble I'm having is the same trouble I had when I had ipf rules,
>>which is, tcp sessions start to work, then stop, and small udp
>>comunications are fine (dig works fine through the NAT, for example).
>>
>
>In cas you haven't, read the "IP Filter Based Firewall HOWTO"
>(http://www.obfuscation.org/ipf/ipf-howto.txt).
>
>It seems to me that you ought to specify the outside interface in the
>map-rule, in your case
>
>map le0 10.1.1.0/24 -> 0/32
>
>If I leave out the interface and do "/etc/rc.d/ipnat restart", it gives
>me an error-message...
>
>>This is on a Sparc4 70Mz machine with 32 MB RAM. I'm using the le0
>>device as the outside interface and a qe0 device as the inside
>>interface. They both have the same ehternet address, and I can't seem to
>>use ifconfig on NetBSD to change that.
>>
>
>As I understand it, you can not change it.  On Sparcs, all ethernet
>interfaces do have the same ethernet-address, as they are (as you
>suggested) part of different subnets.
>
>-Jan
>