Subject: Re: Using ipnat with DHCP.
To: Ted Lemon <mellon@isc.org>
From: Laine Stump <lainestump@rcn.com>
List: current-users
Date: 11/12/1999 15:51:32

At 03:14 PM 11/12/99 -0500, Ted Lemon wrote:
>
>> ># Redirect Real Networks streams to 10.0.0.9
>> ># (interestingly, it seems to work for any host)
>> >#rdr ppp0 0/0 port 7070 -> 10.0.0.9 port 7070 tcp/udp
>> >#
>> 
>> Most probably because RealPlayer will fall back to a tcp transport if UDP
>> doesn't work. I'd bet that your machine at 10.0.0.9 is using udp, while all
>> the others are using a tcp socket opened by the client.
>
>That line's commented out. 

Yeah, I wondered why you'd gone to all the trouble to comment those in your
email ;-)

>UDP works fine across the NAT. I don't
>use realplayer, so I can't comment on that.

RealPlayer's problem is that the UDP packets come from the server to the
client, without any UDP packets first going from client to server (which
ipnat could use to set up a mapping for the server->client packets)
(instead, there is a tcp control session which sends the UDP port info to
the server).

>> Note that this one will only work if 1) all your ftp clients are using
>> passive mode, or 2) you allow all incoming tcp sessions in ipf (anyone know
>> if there's a way to get ipf to recognize ftp data streams like ipnat does?
>
>On NetBSD, the ftp client uses passive by default, so this isn't a
>problem for me... :')

Unfortunately, some of us are forced to live amidst the eternal Purgatory
that is called MS Windows (I have several MS clients behind my NetBSD
firewall/nat box) :-(
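
Added example, not part of the original message: a toy Python model of the NAT behaviour discussed in this thread, showing that a dynamic mapping exists only after an inside host has sent a packet, and that the commented-out rdr rule sends inbound port 7070 traffic to 10.0.0.9 whichever client asked for the stream. The Nat class, the public and server addresses, the server's UDP source port and the assumption that the stream targets port 7070 are constructed for the illustration.

```python
# Toy model of a NAT box: dynamic mappings are created only by outbound
# packets; an rdr rule is a static inbound mapping to one inside host.
# Everything except 10.0.0.9 and port 7070 is constructed for this example.

class Nat:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.dynamic = {}  # (proto, public_port, remote) -> (inside_ip, inside_port)
        self.rdr = {}      # (proto, public_port) -> (inside_ip, inside_port)

    def add_rdr(self, protos, port, inside_ip, inside_port):
        for proto in protos:
            self.rdr[(proto, port)] = (inside_ip, inside_port)

    def outbound(self, proto, src, dst):
        """Inside host sends a packet: allocate a public port and remember it."""
        public_port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, public_port, dst)] = src
        return (self.public_ip, public_port)

    def inbound(self, proto, remote, public_port):
        """Packet arrives from outside: inside target, or None if dropped."""
        hit = self.dynamic.get((proto, public_port, remote))
        if hit is None:
            hit = self.rdr.get((proto, public_port))
        return hit


def simulate(with_rdr):
    nat = Nat("203.0.113.1")
    if with_rdr:
        nat.add_rdr(("tcp", "udp"), 7070, "10.0.0.9", 7070)
    server_ctl = ("198.51.100.5", 7070)  # TCP control endpoint (constructed)
    server_udp = ("198.51.100.5", 7071)  # UDP stream source (constructed)
    results = {}
    for client in ("10.0.0.9", "10.0.0.20"):
        # The client opens the TCP control session, which creates a TCP mapping.
        ctl = nat.outbound("tcp", (client, 1025), server_ctl)
        results[client] = {
            "tcp_reply": nat.inbound("tcp", server_ctl, ctl[1]),
            # The server then sends UDP first; no inside host has sent UDP out.
            "udp_stream": nat.inbound("udp", server_udp, 7070),
        }
    return results
```

With the rule absent the UDP stream is dropped for every client while TCP replies still get through; with the rule present the stream requested by 10.0.0.20 is delivered to 10.0.0.9.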