Subject: RE: Network question
To: <port-i386@netbsd.org>
From: Don Ray <dray@servecom.picker.com>
List: port-i386
Date: 10/16/1998 09:23:51
Hi,

<snip>
> There are some restrictions in using ip-nat. The other computers
> cannot be accessed from the outside (ip-nat makes some kind of
> firewall for your LAN), and ftp only works in "passive"
> mode. Webbrowsers usually do this automatically, for command line ftp
> clients you need to use the "passive" command at the beginning of the
> session.

You can avoid using PASV on ftp clients by proxying ftp on the nat box. For
example, your ipnat.conf could contain:

map ne1 0.0.0.0/0 -> 172.16.126.1/32 proxy port ftp ftp/tcp

where ne1 is the outgoing (connected to the larger internal network)
interface, 0.0.0.0/0 is anything coming in on the inside interface(s) (in my case
they come in on ne0), and 172.16.126.1 is the nat box (ne1) IP address (in
this example, mine is an internal/private IP).

I also found that I need to re-direct the auth protocol because I don't
control all the mail servers on my network and you don't want your clients
waiting for auth to time out when they're sending email.

rdr ne1 0.0.0.0/0 port auth -> 127.0.0.1 port auth

Just thought I'd throw in my 2 cents :-)
Regards!
"~"~"~"~"~"~"~"~"~"~"~"
Don Ray - Service Technologies
Picker International
email: dray@servecom.picker.com
"~"~"~"~"~"~"~"~"~"~"~"
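The two ipnat rules from the message above, placed in a complete ipnat.conf as an added example (this is not part of Don's post). It assumes a private LAN of 192.168.1.0/24 behind ne0 and the same ne1 address, 172.16.126.1, as in the message; the source is narrowed from 0.0.0.0/0 to that LAN so only inside hosts are translated. ipnat uses the first matching rule, so the ftp proxy rule must precede the generic map.

```conf
# ne1: outside interface, 172.16.126.1 (address taken from the message above)
# ne0: inside interface, LAN 192.168.1.0/24 (assumed for this example)

# Active-mode FTP: the kernel ftp proxy rewrites PORT commands, so inside
# clients do not need PASV. Must come before the generic map rule below.
map ne1 192.168.1.0/24 -> 172.16.126.1/32 proxy port ftp ftp/tcp

# Everything else from the LAN: NAT with port remapping for tcp/udp,
# then a catch-all for other protocols (e.g. ICMP).
map ne1 192.168.1.0/24 -> 172.16.126.1/32 portmap tcp/udp 10000:20000
map ne1 192.168.1.0/24 -> 172.16.126.1/32

# Inbound auth/ident (113/tcp) from outside mail servers: send it to the
# NAT box's own loopback so the connection is answered (refused) at once
# instead of the remote SMTP server waiting for a timeout.
rdr ne1 0.0.0.0/0 port auth -> 127.0.0.1 port auth tcp
```

Load the file with `ipnat -CF -f /etc/ipnat.conf` and confirm the rule order with `ipnat -l`.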