FreeBsd/ipnat unter Vmware guest

[tufanocak]

Habe eine FreeBsd system in eine Vmware virtuelle maschiene installiert.Alles lauft gut,ausser dem ipfilter mit der Nat.Auch Dns,Apache,Squid laufen bei der freebsd (FreeBsd on Vmware on Xp) system ohne problem.Aber ich kann den Nat (mit ipfilter) nicht an die arbeit bringen.ich wurde gerne wissen ob es an der Vmware oder bei einer falschen configuration liegt.Hat jemand eine firewall im vmware machiene ohne problem installiert? (FreeBSD oder Linux) Oder hat jemand eine linux firewall installiert.Habe gleiche probleme bei der linux iptables.Hier meine liste bei der FreeBSD konfiguration:
i cant nat(ipnat) for example between 213.161.153.129 and 10.21.1.221
on port 80
Here my configurations:
external ip: lnc0=213.161.153.129
internal ip: lnc1=10.21.1.82
i have write IPFIREWALL;IPFIREWALL_FORWARD;IPFIREWALL_DEFAULT_TO_ACCEPT;IPDIVERT;
IPFILTER;DUMMYNET ...to give options to the kernel and compiled the
kernel without problem.
Also Apache,Dns,Squid works without any problem.

tufan# ifconfig
lnc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::250:56ff:fe40:543c%lnc0 prefixlen 64 scopeid 0x1
inet 213.161.153.129 netmask 0xffffff00 broadcast
213.161.153.255
ether 00:50:56:40:54:3c
lnc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.21.1.82 netmask 0xffffff00 broadcast 10.21.1.255
inet6 fe80::250:56ff:fe40:543d%lnc1 prefixlen 64 scopeid 0x2
ether 00:50:56:40:54:3d
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
ipf.rules:
pass out quick on lnc0 proto tcp from any to any keep state
pass out quick on lnc0 proto udp from any to any keep state
pass out quick on lnc0 proto icmp from any to any keep state

pass out quick on lnc1 proto tcp from any to any keep state
pass out quick on lnc1 proto udp from any to any keep state
pass out quick on lnc1 proto icmp from any to any keep state

pass in quick on lnc0 proto tcp from any to any keep state
pass in quick on lnc0 proto udp from any to any keep state
pass in quick on lnc0 proto icmp from any to any keep state

pass in quick on lnc1 proto tcp from any to any keep state
pass in quick on lnc1 proto udp from any to any keep state
pass in quick on lnc1 proto icmp from any to any keep state

ipnat.rules:
map lnc0 10.21.0.0/16 -> 213.161.153.129/32 proxy port ftp ftp/tcp
map lnc0 10.21.1.0/24 -> 213.161.153.129/32 portmap tcp/udp auto
map lnc0 10.21.1.0/24 -> 213.161.153.129/32
# map lnc0 from 10.21.0.0/16 to any -> 213.161.153.129/32
rdr lnc0 213.161.153.129/32 port 80 -> 10.21.1.221 port 80
rdr lnc0 213.161.153.129/32 port 21 -> 10.21.1.221 port 21

/sbin/ipfstat -t

tufan.com - IP Filter: v3.4.29 - state top 07:06:34

Src = 0.0.0.0 Dest = 0.0.0.0 Proto = any Sorted by = # bytes

Source IP Destination IP ST PR #pkts #bytes
ttl
10.21.1.82,22 10.21.1.80,2869 4/4 tcp 134 10036
119:59:59
213.161.153.1,2883 10.21.1.221,80 2/0 tcp 5 240
3:42
My host ip :213.161.153.1 (another computer when i wrote
http://213.161.153.129 on the internet explorer.
tufan# ipnat -l
List of active MAP/Redirect filters:
map lnc0 10.21.1.0/24 -> 213.161.153.129/32 proxy port ftp ftp/tcp
map lnc0 10.21.1.0/24 -> 213.161.153.129/32 portmap tcp/udp auto
map lnc0 10.21.1.0/24 -> 213.161.153.129/32
rdr lnc0 213.161.153.129/32 port 80 -> 10.21.1.221 port 80 tcp
rdr lnc0 213.161.153.129/32 port 21 -> 10.21.1.221 port 21 tcp

List of active sessions:
RDR 10.21.1.221 80 <- -> 213.161.153.129 80 [213.161.153.1
2935]
ich kann sehen,dass eine active session klapt,aber trotzdem kann ich nicht eine NAT mit der virtueller ethernet karte durchfuhren.