Old 13th October 2011
nocturnal
New User
Join Date: Oct 2011
Posts: 6

Originally Posted by J65nko
What are you trying to achieve? Allow clients from the internal net to use ftp servers on the internet? Or allow external clients to access an ftp-server in a DMZ?

You have 4 interfaces: vic0, vic2, vic3 and vic4. vic2 and 3 are used for carp. Sometimes but not always carp is used for fail-over. What is the external interface and which one is the internal one?
A short description/network diagram would be helpful.
Never mind. Thanks to Norman on the misc-list, I was told that my NAT rule was still wrong and that if I allowed it from all I would have more luck translating from localhost to my external vic2 interface. So now it works.

If anyone wants to use my rules as a reference then know that you should not match out on $ExtIF from $IntIF:network but instead match out on $ExtIF from inet all nat-to ($ExtIF) so NAT can be done from all addresses on your system out through your external one.
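The two NAT rules contrasted in the post above, set in a minimal pf.conf fragment. This is an added example, not the poster's ruleset: vic0 as the internal interface, the block/pass rules and the exact rule spelling (pf.conf grammar puts the address family before the addresses) are assumptions.

```pf
# Added example, not the poster's ruleset.
ExtIF = "vic2"    # external interface named in the post
IntIF = "vic0"    # assumed internal interface

set skip on lo

# Default deny. A match rule only attaches the translation; it never
# passes or blocks a packet by itself.
block log all

# Narrow form the post says not to use: only packets whose source address
# lies in the internal network are translated. Traffic with any other
# source address, including what the post describes as translating from
# localhost, does not match and leaves untranslated.
# match out on $ExtIF inet from $IntIF:network nat-to ($ExtIF)

# Broad form the post recommends: every IPv4 packet leaving $ExtIF is
# rewritten to the interface address. The parentheses make pf follow
# address changes on the interface.
match out on $ExtIF inet all nat-to ($ExtIF)

# Access is still decided here, so widening the NAT match does not widen
# what is allowed through the firewall.
pass in  on $IntIF inet from $IntIF:network
pass out on $ExtIF inet
```

Parse the file with `pfctl -nf` before loading it, and use `pfctl -sr` to confirm which rules are active.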