Subject: Re: On the performance of ipfilter
To: Gene ENonymous <yancm@sdf.lonestar.org>
From: David Howland <metalliqaz@fastmail.fm>
List: tech-kern
Date: 04/06/2005 00:00:54
Gene ENonymous wrote:
> I'll ask the obvious: what rules are you using? I'd like to see your
> ipf.conf and your ipnat.conf...
> 
> I'm kinda busy, but I would urge you to join both the mailing lists I've
> cc'd this message to. ipf has a web archive too.

hi gene,

Well, I like to play with them, so my ipf.conf and ipnat.conf are kind 
of in flux.  When I'm in the mood to have a minimal configuration, it 
looks like this:

ipf.conf
------------------------------
pass out quick on ex0 proto tcp from any to any port = 993 keep state
block in quick on ex0 proto tcp from any to any port = 32768
pass in all
pass out all
------------------------------
(what I'm using port 32768 for is a secret :)

ipnat.conf
------------------------------
map ex0 192.168.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ex0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 30000:32000
map ex0 192.168.0.0/24 -> 0.0.0.0/32

rdr ex0 0.0.0.0/0 port 5802 -> 192.168.0.2 port 5802 tcp       #vnc
rdr ex0 0.0.0.0/0 port 5902 -> 192.168.0.2 port 5902 tcp       #vnc
[about 20 more redirects]
------------------------------
(I find that 2000 ports for mapping is more than enough)

It's a crazy problem that I've been wrestling with for months.  I could 
go on for pages about all the stuff I've tried, and other issues that I 
think may be related.  I'm not sure if it is a problem for the ipfilter 
people, rather than the netbsd people, but I'll CC them on this mail 
anyway.  Basically, my hope is to find instructions for better 
investigating what is going wrong.  There is no error in any log, so I'm 
kind of at the limit of my expertise.

-d
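The ipf.conf above leans on `quick`: ipfilter reads rules top to bottom and the last matching rule wins, unless a matching rule carries `quick`, which stops evaluation on the spot. The catch-all `pass in all` / `pass out all` at the end would therefore silently override the `block` on port 32768 if `quick` were ever dropped. The following is an added example, not code from the mail or from the ipfilter project: a small Python model of that evaluation order, run over a constructed copy of the four rules, plus an audit that reports non-quick rules a later catch-all overrides. The grammar it accepts is only the subset these four rules use, and the default verdict for unmatched packets is assumed to be pass (ipfilter's stock behaviour; a kernel built with IPFILTER_DEFAULT_BLOCK would block instead).

```python
"""Minimal model of ipfilter rule evaluation (added example, not from the mail):
rules are read top to bottom, the LAST matching rule decides, and a matching
rule with 'quick' ends evaluation immediately."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Grammar covers only the subset of ipf.conf syntax the mail's four rules use.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)"
    r"(?P<quick>\s+quick)?"
    r"(?:\s+on\s+(?P<iface>\S+))?"
    r"(?:\s+proto\s+(?P<proto>\S+))?"
    r"(?:\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+))?"
    r"(?:\s+port\s*=\s*(?P<port>\d+))?"
    r"(?:\s+(?P<all>all))?"
    r"(?P<state>\s+keep state)?\s*$"
)

# Constructed copy of the ruleset quoted in the mail.
RULESET = """
pass out quick on ex0 proto tcp from any to any port = 993 keep state
block in quick on ex0 proto tcp from any to any port = 32768
pass in all
pass out all
"""


@dataclass
class Rule:
    action: str
    direction: str
    quick: bool
    iface: Optional[str]
    proto: Optional[str]
    dport: Optional[int]          # only the 'to ... port = N' form is modelled
    keep_state: bool
    text: str


def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsed rule: {line!r}")
    return Rule(action=m["action"], direction=m["dir"], quick=bool(m["quick"]),
                iface=m["iface"], proto=m["proto"],
                dport=int(m["port"]) if m["port"] else None,
                keep_state=bool(m["state"]), text=line.strip())


def parse_ruleset(text: str) -> List[Rule]:
    return [parse_rule(l) for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]


def matches(rule: Rule, pkt: dict) -> bool:
    """pkt keys: dir, iface, proto, dport. Unset rule fields match anything."""
    if rule.direction != pkt["dir"]:
        return False
    if rule.iface and rule.iface != pkt["iface"]:
        return False
    if rule.proto and rule.proto != pkt["proto"]:
        return False
    if rule.dport is not None and rule.dport != pkt["dport"]:
        return False
    return True


def evaluate(rules: List[Rule], pkt: dict, default: str = "pass") -> Tuple[str, Optional[int]]:
    """Return (verdict, index of deciding rule). 'default' applies when nothing
    matches; assumed 'pass' here (ipfilter's stock build)."""
    winner: Tuple[str, Optional[int]] = (default, None)
    for i, r in enumerate(rules):
        if matches(r, pkt):
            winner = (r.action, i)   # last match wins ...
            if r.quick:
                break                # ... unless it is 'quick'
    return winner


def strip_quick(rules: List[Rule]) -> List[Rule]:
    """Same ruleset with every 'quick' removed, to show why it matters."""
    return [Rule(**{**vars(r), "quick": False}) for r in rules]


def overridden(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Audit: (i, j) pairs where non-quick rule i is always overridden by a
    later catch-all rule j (no iface/proto/port) of the opposite action."""
    found = []
    for i, r in enumerate(rules):
        if r.quick:
            continue
        for j in range(i + 1, len(rules)):
            s = rules[j]
            if (s.direction == r.direction and s.action != r.action
                    and s.iface is None and s.proto is None and s.dport is None):
                found.append((i, j))
                break
    return found


if __name__ == "__main__":
    rules = parse_ruleset(RULESET)
    pkt = {"dir": "in", "iface": "ex0", "proto": "tcp", "dport": 32768}
    print("with quick:   ", evaluate(rules, pkt))
    print("without quick:", evaluate(strip_quick(rules), pkt))
    print("overridden rules once quick is dropped:", overridden(strip_quick(rules)))
```

Running it shows the inbound TCP/32768 packet blocked by rule 1 as written, but passed by the catch-all rule 2 once `quick` is stripped, and the audit flags exactly that pair; a ruleset audited this way before loading with `ipf -f` catches the ordering mistake that no log entry would ever report.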