
I'm using PPPoE (or some other virtual interface/tunnel), how should I write my rulesets?


Any rule that needs to refer to the outside interface should refer to the VIRTUAL interface and NOT the physical interface. For example, if your physical interface is elxl0 and your PPPoE interface is ppp0, then all you will see on elxl0 is PPP frames which IP Filter can't understand anyway. Those frames will get unwrapped and 'come in' on ppp0 as IP packets which IP Filter can then read and filter.

• So, if map a.b.c.d/M -> w.x.y.z/32 does NAT for all protocols, why do I need a map a.b.c.d/M -> w.x.y.z/32 portmap?

Well, the first one will do NAT for you. However it will ONLY try the source port requested, so if two machines on your network request a connection to the same place with the same source address, one of them will fail. However, if you have the portmap statement first, then if the source port is in use, it will try another source port in that range (you can specify a range instead of auto).

• Well, after reading the answer to III-6, do I have to have the first rule if I have
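The two points above as one configuration, added here as an example and not taken from the original answer: filter and NAT rules are bound to ppp0 (the interface names elxl0 and ppp0 come from the answer), and the portmap rule is listed before the plain map rule. The addresses 192.168.1.0/24 and 203.0.113.5 and the port range 40000:60000 are constructed sample values.

```conf
# ---- ipf.conf (filter rules) ------------------------------------------
# Weak: bound to the physical NIC. elxl0 only carries PPP frames, which
# IP Filter cannot parse, so this rule never matches the IP traffic.
#   block in on elxl0 all
#
# Corrected: bound to the virtual interface, where the unwrapped IP
# packets actually arrive and leave.
block in log on ppp0 all
pass out quick on ppp0 proto tcp from any to any flags S keep state
pass out quick on ppp0 proto udp from any to any keep state
pass out quick on ppp0 proto icmp from any to any keep state

# Inside LAN interface (hypothetical name elxl1) is left open here.
pass in quick on elxl1 all
pass out quick on elxl1 all

# ---- ipnat.conf (NAT rules) -------------------------------------------
# NAT is also bound to ppp0, for the same reason as the filter rules.
#
# Listed first: TCP/UDP sessions get their source port rewritten into the
# given range, so two inside hosts that pick the same source port for the
# same destination no longer collide. "auto" may be used instead of an
# explicit range.
map ppp0 192.168.1.0/24 -> 203.0.113.5/32 portmap tcp/udp 40000:60000

# Listed second: plain map for everything the portmap rule does not
# match (it only names tcp/udp). This rule keeps the requested source
# port as-is.
map ppp0 192.168.1.0/24 -> 203.0.113.5/32
```

After loading, `ipnat -l` lists the active mappings and `ipfstat -io` lists the loaded filter rules, which is a quick check that both reference ppp0.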
