Quote:
Originally Posted by J65nko
What are you trying to achieve? Allow clients from the internal net to use ftp servers on the internet? Or allow external clients to access an ftp-server in a DMZ?
You have 4 interfaces: vic0, vic2, vic3 and vic4. vic2 and 3 are used for carp. Sometimes but not always carp is used for fail-over. What is the external interface and which one is the internal one?
A short description/network diagram would be helpful.
Never mind, thanks to Norman on the misc-list I was told that my NAT rule was still wrong and that if I allowed it from all I would have more luck translating from localhost to my external vic2 interface. So now it works.
If anyone wants to use my rules as a reference then know that you should not match out on $ExtIF from $IntIF:network but instead match out on $ExtIF from inet all nat-to ($ExtIF) so NAT can be done from all addresses on your system out through your external one.