NAT on Cat 4006

Does the Sup IV module running IOS software allow for NAT configuration? If so, what release?

No. Not supported due to hardware limitations.

Similar Messages

  • Configuration required in Cat 4006 to forward errors to syslog server

    Hi,
    I have setup a Kiwi syslog server. I want to configure in my Cat 4006 switch to forward the following messages to my syslog server
    1. configuration changes
    2. Vlan creation /modification
    3. Power supply failures/module failures/temperature
    4. When the processor utilization exceeds more than 75%, it should send an alert message to syslog server
    5. Switch restart
    6. Trap for any changes in Uplink ports only. There are 4 uplinks to other switches from the 4006. If there is any problem with these ports (uplink), it should send a message to the syslog server, not for all ports
    Thanks in advance
    Raju

    Hi
    I feel this link will be of some help to you in configuring different severity levels for different facilities available.
    http://www.cisco.com/en/US/partner/products/hw/switches/ps663/products_configuration_guide_chapter09186a00800d81c8.html
    By default for abnormal temp conditions you will get logs in the syslog server if you have already pointed the logs to the syslog server.
    Regards

  • Cat 4006 S3 - Attached hosts Net access very slow prior to reboot

    I have a CAT 4006 Sup III running 12.1(11b)EW1 with a number of servers attached. Users started having problems accessing servers. After investigating, all the impacted servers were connected to the same switch. The switch appeared to be operating normally. Show proc cpu, show proc mem, show logging, and ping tests all normal. Warm booted switch and ASICs on sup failed bootup diag. Cold boot of the switch got it back up and running. Cisco TAC reviewed the post problem sh tech with no findings.
    Any ideas?

    No L2 loops and it was a hopefully isolated incident. We have two switches that are identical in hardware and IOS and only one was impacted.
    Clients of systems attached to the switch would have intermittently slow or nonexistent access to the host systems. Problems included saving files on network drives, email down, very slow or failed logins, application launches were slow or failed.
    No messages were showing up in the switch log, let alone messages referred to in the tech note. We have had ASIC issues on line cards in the past. Those instances were on different switches and created volumes of errors.
    Layer 2 seemed fine. Pings worked without fail. Console broadcast messages from host systems on the impacted switches made it out to clients.
    Keep thinking it wasn't a switch problem but the reboot did fix the issue.
    I will be replacing the sup card and doing an IOS upgrade this weekend.

  • How to do NAT on cat 3750 switch?

    Give me an example or a link.
    Thanks

    Hi,
    NAT is not supported on the 3750s. Here is a link that confirms that:
    http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00802c10bd.html#wp1031988
    Please do remember to rate posts.
    Paresh

  • Cat 4006 Sup CPU running high

    I'm trying to fix a condition where my Cat sups' CPUs are running 80% and higher all day. I have read that having PoE line cards adds to the CPU overhead. Should turning off inlinepower device detection lessen the load on the CPU? i.e. set port inlinepower mod/port off

    Hi
    These 2 links can be helpful to understand the main reason for the spike in CPU utilisation, which can help you out in troubleshooting the same.
    You can find out the process which takes up the most CPU cycles; once you are done with the findings about the process you can start off proceeding with containing the same.
    http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a00804cef15.shtml
    http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094956.shtml#highcpu
    Regards

  • Cat 4006 ports leaving /joining

    Hi,
    I'm experiencing this problem in my 4006 switch. It has only one uplink to a 3750 L3 switch. What happens is that, in the normal case, I'm getting this error even though the hosts (PCs) connected to these ports are ON only (no reboot). In the normal case, ports are leaving/joining, which makes me feel it has something to do with STP.
    Regards,
    Raju
    2005 Dec 01 04:02:21 %PAGP-5-PORTFROMSTP:Port 4/28 left bridge port 4/28
    2005 Dec 01 04:01:27 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
    2005 Dec 01 04:01:06 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
    2005 Dec 01 04:00:51 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
    2005 Dec 01 04:00:24 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
    2005 Dec 01 03:59:59 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
    2005 Dec 01 03:59:44 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
    2005 Dec 01 03:59:39 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14
    2005 Dec 01 03:59:25 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
    2005 Dec 01 03:59:02 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
    2005 Dec 01 03:58:58 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
    2005 Dec 01 03:58:42 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14
    2005 Dec 01 03:58:37 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
    2005 Dec 01 03:57:42 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
    2005 Dec 01 03:57:22 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
    2005 Dec 01 03:57:12 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
    2005 Dec 01 03:57:07 %PAGP-5-PORTTOSTP:Port 5/20 joined bridge port 5/20
    2005 Dec 01 03:56:59 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
    2005 Dec 01 03:56:51 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
    2005 Dec 01 03:56:49 %PAGP-5-PORTFROMSTP:Port 5/20 left bridge port 5/20
    2005 Dec 01 03:56:40 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14

    Hello Raju,
    basically, the message means that your ports are flapping, which could be caused by speed/duplex mismatches. Can you verify that both the switch and the user PC have the same settings (either auto or fixed duplex/speed setting)?
    Also, make sure you have 'spanning-tree portfast' configured on your user ports...
    HTH,
    GP
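    An added example, not part of the original thread: before checking speed/duplex and portfast on every user port, the PAGP messages posted above can be reduced to a per-port flap count. The script below pairs each "left bridge port" event with the next "joined bridge port" event for the same port; the sample is the log excerpt from the post, and the threshold of three flaps is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# The log excerpt from the post above (newest entry first, as posted).
SAMPLE_LOG = """\
2005 Dec 01 04:02:21 %PAGP-5-PORTFROMSTP:Port 4/28 left bridge port 4/28
2005 Dec 01 04:01:27 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
2005 Dec 01 04:01:06 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
2005 Dec 01 04:00:51 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
2005 Dec 01 04:00:24 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
2005 Dec 01 03:59:59 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
2005 Dec 01 03:59:44 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
2005 Dec 01 03:59:39 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14
2005 Dec 01 03:59:25 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
2005 Dec 01 03:59:02 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
2005 Dec 01 03:58:58 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
2005 Dec 01 03:58:42 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14
2005 Dec 01 03:58:37 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
2005 Dec 01 03:57:42 %PAGP-5-PORTTOSTP:Port 3/47 joined bridge port 3/47
2005 Dec 01 03:57:22 %PAGP-5-PORTFROMSTP:Port 3/47 left bridge port 3/47
2005 Dec 01 03:57:12 %PAGP-5-PORTTOSTP:Port 4/47 joined bridge port 4/47
2005 Dec 01 03:57:07 %PAGP-5-PORTTOSTP:Port 5/20 joined bridge port 5/20
2005 Dec 01 03:56:59 %PAGP-5-PORTTOSTP:Port 3/14 joined bridge port 3/14
2005 Dec 01 03:56:51 %PAGP-5-PORTFROMSTP:Port 4/47 left bridge port 4/47
2005 Dec 01 03:56:49 %PAGP-5-PORTFROMSTP:Port 5/20 left bridge port 5/20
2005 Dec 01 03:56:40 %PAGP-5-PORTFROMSTP:Port 3/14 left bridge port 3/14
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{2} \d{2}:\d{2}:\d{2}) "
    r"%PAGP-5-PORT(?P<kind>FROMSTP|TOSTP):Port (?P<port>\d+/\d+) "
)


def parse_events(text):
    """Return (timestamp, port, joined) tuples in chronological order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a PAGP join/leave message
        ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
        events.append((ts, m["port"], m["kind"] == "TOSTP"))
    # The excerpt is newest-first; reversing before the stable sort keeps
    # same-second events in the order the switch logged them.
    events.reverse()
    events.sort(key=lambda e: e[0])
    return events


def summarize(events):
    """Per port: completed leave->join cycles, seconds spent out of STP, current state."""
    left_at = {}
    stats = defaultdict(lambda: {"flaps": 0, "down_seconds": 0, "down_now": False})
    for ts, port, joined in events:
        entry = stats[port]
        if not joined:
            left_at[port] = ts
            entry["down_now"] = True
            continue
        start = left_at.pop(port, None)
        if start is not None:  # a join with no earlier leave is not a flap
            entry["flaps"] += 1
            entry["down_seconds"] += int((ts - start).total_seconds())
        entry["down_now"] = False
    return dict(stats)


def flapping_ports(stats, min_flaps=3):
    """Ports with at least min_flaps leave/join cycles (threshold is an assumption)."""
    return sorted(p for p, s in stats.items() if s["flaps"] >= min_flaps)


if __name__ == "__main__":
    result = summarize(parse_events(SAMPLE_LOG))
    for port in sorted(result):
        print(port, result[port])
    print("check first:", flapping_ports(result))
```

    Ports that bounce repeatedly within a few minutes are the ones to check first for the mismatch described in the reply; a port that left once and never rejoined (4/28 here) is more likely a host that was switched off.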

  • 4006: 802.1x support?

    EOL has been announced for Cat 4006. Is anyone out there using 802.1x on these switches? If yes, could you please let me know what the IOS is.
    The cisco feature selection tool (http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp) says 8.4(11)GLX is available on CAT4000 with 802.1x. Not sure if it's the same.
    Thanks
    Ravi

    The 4006 can have either Sup 1 or Sup 2, which are no longer being sold; these run CatOS. The 4006 chassis can also support Supervisor Engine III (WS-X4014) and Supervisor Engine IV (WS-X4515), which run IOS. The 802.1x feature was first supported in version 6.2 for CatOS and since 12.1(19)EW on IOS.
    CatOS Release Notes:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/relnotes/ol_2117.htm
    Cat IOS Release Notes:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/relnotes/ol_2170.htm
    So, I hope this answers your questions:
    Q: Is anyone out there using 802.1x on these switches. If yes, could you please let me know what is the IOS.
    A: Sup1 and Sup2 for Cat4000 can only run CatOS. 802.1x has been supported since 6.2. Sup2+, Sup3 and Sup4 run IOS and 802.1x has been supported since 12.1(19)
    Q: The cisco feature selection tool (http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp) says 8.4(11)GLX is available on CAT4000 with 802.1x. Not sure if it's the same.
    A: 802.1x is 802.1x for CatOS or Cat IOS; just the CLI will change, so one and the same
    Please rate all posts.

  • Catalyst 4006 Supervisor Engine 3 - routing features

    How to ensure the Supervisor Engine 3 module has been integrated into the Catalyst 4006? Is there any command I can use to make sure of this? I am going to use it to do all routing for an enterprise network.....

    I do not understand your question. Sup3 for CAT 4006 runs IOS and can route EIGRP/OSPF/IS-IS with enhanced image and RIP/static routes with Basic image.

  • A very odd VLAN question -please help

    Hi,
    We have two subnets 10.1.1.0 and 10.1.2.0 and these subnets are physically separated. We also have two VLANs, VLAN 2 and 3; please think of VLAN 2 as the default VLAN 1. Strange, it has been like this when I took over. There is no trunking between these two VLANs. 10.1.1.0 is the main network and all the servers and users are on it and 10.1.2.0 is a Dev environment and some development servers are on it.
    I have given an IP address from the main subnet, i.e. 10.1.1.0, to a switch which is used for the Dev environment on its SC0 and have assigned it to VLAN 2 but the rest of the 10.1.2.0, i.e. the Dev environment, is on VLAN 3. From the main network I cannot ping that IP address (naturally) and I don't know how to build on what we currently have without making major changes and build over time as transparently as possible.
    I am sorry for this very long explanation.
    I guess I need to know if I can make trunking between these two VLANs, i.e. VLAN 2 (main 10.1.1.0) and VLAN 3 (Dev environment 10.1.2.0) without needing a router? Or if I need a router, how? So that I can build upon it over time.
    Well, I have given an IP address from the main subnet from VLAN 2 to a switch which is for VLAN 3 or Dev environment!!! I really didn't know how to do this in order to make it as transparent as possible to others since I am not in charge of the AD and the servers.
    Please forgive me for my somehow vague explanation and I hope I could have made a question.
    Thanks,
    Masood

    Hi and thanks for responding. Almost all my switches are L2/L3 Cisco CAT switches with two 3560 at the edge with knowledge of public network located between my two border routers and my firewalls. My main switch is a Cisco CAT 4510 R which is a layer 2 and 3 switch with Cisco IOS and a few 3550s and 3512s around. I also have two CAT 4006s with CAT OS but these aren't my current concern as I know that I need to either use one of these switches or a router to route between my VLANs. I do have a Cisco router, a 2621, as my main router with its fa 0/1 used for my two main subnets (servers, devices, and users are on these two subnets 10.1.1.0 and 10.1.4.0) and the DHCP server is giving out IPs out of these two private subnets. The other interface on this router, fa0/0, is used for 10.1.2.0 which is a totally isolated subnet with a bunch of servers on it called Dev Environment. The AD guys want it this way.
    OK, now, when I took over this network I realized that those people who were looking after this network had created two VLANs, VLAN 2 (acting as the default VLAN 1 actually and used for management of devices too) and VLAN 3 (VLAN 3 is for 10.1.2.0, i.e. the Dev Environment), so basically all of my devices, servers and users are on VLAN 2!!! And no trunking.....
    I have provided a diagram of my network topology.
    What I need to do is to find the best way to create a few more VLANs on my main network (10.1.1.0 and 10.1.4.0) and put all the servers on one VLAN, say VLAN 2, and a few other segments and then start to route between them by trunking. My problem is that the AD guys do not want to get involved and do not want (one of them my boss) to do IP renumbering so I need to do this at L2 (by MAC address maybe) and then use the router (or I can upgrade my main router to provide more interfaces with more mem and processing power) and use it to route between VLANs. This router is also used to connect us to a remote office where we have our web servers hosted via a T1 point-to-point as we are an online business so I need to be very careful with this mission and have all the servers and web servers at this location and my remote locations (10.5.1.0) on the same VLAN and then users on different VLANs by segmenting departments.
    Now, you see my dilemma and the challenge that I am facing: how this can be done slowly and gradually. First adding one more VLAN, put all the servers on it (also, back interfaces and clustering of servers in mind) and users on another, then start trunking and see how it works. If all goes well then I can start creating more VLANs and that would be the easy part and point them to the trunk interface / link.
    Your thoughts will be greatly appreciated.
    Thx,
    Masood

  • Assigning multiple ports/interfaces to a VLAN-Switch-IOS

    Hi,
    I am trying to assign ports/Interfaces to VLAN 2 but need to assign the whole blade or many ports on two or three blades to VLAN 2. Switch CAT 4500 running Cisco IOS - I can only do one port/interface at a time:
    Switch-4500(config)# interface fastEthernet 0/2
    Switch-4500(config-if)# switchport access VLAN 2
    vlan Set VLAN when interface is in access mode
    So this way, as explained above, one port at a time gets assigned to a VLAN. I need to do multiple ports. How can I do this, if possible at all?
    Thanks,
    Masood

    Thanks for getting back to me. You know, I have taken over this network just recently and have realized that the company that was taking care of this network had done it this way:
    1 main subnet (Users, Servers, WS, etc.) - VLAN 2
    1 Development Subnet - VLAN 3 - still active but not in use
    So all of my switches, i.e. two CAT 4006, two CAT 3560, and one new 4500 (just purchased), are all on VLAN 2. The main CAT switch has VLAN 3 information since the DEV subnet connects to it as well.
    Now, I am trying to create 4 or 5 functional VLANs for my main network (currently has all my switches and three routers in it and VLAN 2).
    2 CAT 4006 switch
    1 CAT 4500 Switch
    2 CAT 3560
    1 CAT 3550
    2 CAT 2948-G-TX
    2 Border or Gateway Routers Cisco 2621
    1 gateway Router 2621 (Connects this office to a remote extension to this office using a point to point T1 and at the other end - Private IP, connects to Internet via an ISP).
    My two border routers - public IP and connect two T1s, one prim and the other one shadow.
    I guess my question is:
    What would be the best way to create VLAN 2,3,4,5,6
    using the above switches and routers and have inter-VLAN communications through trunking and management through VTP or else.
    I want to create VLANs in such a way that if a user belonging to VLAN 2 sits on the 12th floor and another user belonging to this same VLAN 2 sits on the 14th floor it makes no difference, so independent of the user's location - how do I do the port assignment on the switches to do this? No resource or network file resource segmentation is needed since all users will access the same information.
    I really appreciate your suggestions and help.
    Regards,
    Masood

  • SNMP incomplete dot1dBasePortIfIndex

    Hi,
    I'm trying to recover ports associated to MAC addresses using SNMP.
    All works fine on my Cat 3500 switches:
    "snmpwalk -c public <3500's IP> dot1dBasePortIfIndex"
    lists all the ports corresponding to the indexes, but on my Cat 4006 I only get the ports that correspond to the indexes of VLAN trunk interfaces: I can't get port numbers corresponding to 1-VLAN interfaces.
    As indicated here: http://www.cisco.com/warp/public/477/SNMP/cam_snmp.html I tried all 'public@<vlan_id>' for the community string but it doesn't solve the problem, I only get indexes of VLAN trunk interfaces.
    I'm using the IOS version 12.1(20)EW2. I'm not sure but I did not notice this problem with the version I used some time ago (12.1(11b)EW).
    Has anyone solved this problem? Would an IOS upgrade fix it?
    Thank you for your help !
    Y.B.

    If you are working on using SNMP to find the Port to MAC address association, you could refer to http://www.cisco.com/en/US/partner/tech/tk648/tk362/technologies_tech_note09186a00801c9199.shtml

  • Supervisor Engine 3

    1. Do all Cat 4006 come with the SupE3 module by default?
    2. From the attachment, I notice there are WS-X4014, WS-X4306-GB, WS-X4148-RJ modules attached to the Cat. Is that SupE3?
    Is this Cat equipped with routing function?

    Hi,
    1. Cat4006 does not come with the SupE3 module by default. The chassis is just blank and you have to choose the modules that you want to run. As far as Sup 3 goes, it is supported on the Cat4006-S3 chassis. If you have any chassis other than the above mentioned, it will not work. Cat4006 chassis also support Sup1 and Sup2.
    2. WS-X4014 is the Sup3 with built-in routing card/feature on it. WS-X4306 and WS-X4148-RJ are the line cards for the chassis.
    Please see the link for more info: http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_18a/ol_2170.htm#xtocid4
    regards,
    -amit singh

  • NATIVE VLAN on 4006(CAT OS )Switch

    HI,
    How can we configure Native Vlan on 4006(CAT OS) switches??
    Thanks in Advance.

    Hi,
    To control the tagging of the native VLAN traffic on 802.1Q private VLAN trunks, use the tag command.
    switchport private-vlan trunk native vlan
    Rate if it does,

  • Problem with NAT? can get to web server internally but not externally

    We are trying to setup our helpdesk software website so external users
    can access it. However, we have been unsuccessful. We don't have any
    issues accessing it internally from our 10.1.1.X LAN
    We have had our ISP setup a public DNS "A" record of
    customerservice.amerinet-gpo.com which resolves to 198.88.234.40 and that
    appears to be working.
    Next we added a NAT to our Firewall to take 198.88.234.40 traffic and put
    it to the local IP of 10.1.1.23 which is our local address for the
    webserver running the helpdesk software.
    We also made sure that BM filters are allowing traffic on ports 80 and
    443 to the local IP as well.
    We have 4 other webservers (on a separate servers than our helpdesk
    software website) that are exposed to the outside in this same manner and
    all work fine.
    The helpdesk website is on Windows 2003 server SP1 running IIS 6.0. Our
    firewall server is NetWare 6 SP5 and BM 3.7 SP3.
    I have tried to just telnet to the public IP of 198.88.234.40 on port 80
    and it times out. I can't understand why, and have checked my entries on
    BM and even deleted and re did them 3 times to make sure I didn't make a
    mistake. I even have another web server on that block NAT'd the same way
    and it works (198.88.234.36), if you telnet to it on port 80 it goes
    right away.
    What else can I try? Any insight would be greatly appreciated!
    Thanks,
    SCOTT

    > > ok, the easiest way to calculate valid addresses is to use an IP subnet
    > > calculator. The one I like the most is the free utility by Wildpackets
    > >
    > > http://www.wildpackets.com/products/...tcalc/overview
    > >
    > > Anyway, with a 255.255.255.248 network mask the valid IP addresses
    > > associated to the primary address of your BM server are in the range:
    > > 198.88.234.33-198.88.234.38
    > > therefore .40 isn't included. Actually .40 is the subnet identifier of a
    > > separate subnet. The addresses from .33 to .38 are the ones you can use.
    > >
    > > --
    > > Cat
    > > NSC Volunteer Sysop
    >
    > I was mistaken, the subnet for that block is 255.255.255.240 so I was
    > told by our ISP that our range is 198.88.234.32 to 198.88.234.47 or
    > 14 usable IPs since first and last are unusable.
    >
    > We have 3 different IP blocks from our ISP, the above 198.88.234.32 one
    > with the 255.255.255.240 subnet, then a 199.217.136.184 with
    > 255.255.255.248 subnet and finally a 198.88.233.1 with a 255.255.255.248
    > subnet.
    >
    > So I think we should be able to use the 198.88.234.40 address.
    >
    > SCOTT
    >
    >
    I was really hoping that we had the wrong sub net in BM for the
    198.88.234.32 block! When I read your post last night, I thought that's
    gotta be it...sadly I checked and it does have it as 255.255.255.240 when
    I look in inetcfg under bindings. I even checked our Cisco router as
    well to make sure it had the sub net correct since this is the first time
    I've tried to use an IP above 198.88.234.36. The router looked fine as
    well. Is there anyplace else that this could be wrong, maybe a config
    file on BM or something?
    Thx,
    SCOTT V.
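    An added example, not part of the original thread: the two replies above reach different conclusions about 198.88.234.40 only because they assume different masks, and the check can be scripted before a static NAT entry is added. The function name and result fields are illustrative; 198.88.234.36 (the address the post says already works) is used as the reference address on the public interface.

```python
import ipaddress
from typing import NamedTuple


class Verdict(NamedTuple):
    subnet: str        # subnet defined by the reference address and mask
    first_usable: str
    last_usable: str
    role: str          # what the candidate address is under that mask


def check_nat_address(candidate, reference, netmask):
    """Classify a candidate NAT address against the subnet that a known-good
    reference address and the configured mask put on the public interface."""
    net = ipaddress.ip_interface(f"{reference}/{netmask}").network
    addr = ipaddress.ip_address(candidate)
    if addr in net:
        scope, prefix = net, ""
    else:
        # Outside the bound subnet: report its role in its own same-size subnet.
        scope = ipaddress.ip_interface(f"{candidate}/{netmask}").network
        prefix = f"outside {net}: "
    if addr == scope.network_address:
        role = f"network id of {scope}"
    elif addr == scope.broadcast_address:
        role = f"broadcast of {scope}"
    else:
        role = f"host in {scope}"
    return Verdict(
        subnet=str(net),
        first_usable=str(net.network_address + 1),
        last_usable=str(net.broadcast_address - 1),
        role=prefix + role,
    )


if __name__ == "__main__":
    for mask in ("255.255.255.248", "255.255.255.240"):
        print(mask, check_nat_address("198.88.234.40", "198.88.234.36", mask))
```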

  • Solaris 10 as router using ipfilter and nat

    Hi,
    I installed Solaris 10 on a second disk on an Ultra 5, but have no
    success using ipfilter with NAT.
    I have it working on the first disk with Solaris 9 and ipfilter 3.4.35.
    I have pfil on both interfaces (hme0 internal and qfe0
    external-internet) and ipfilter enabled. I used the working rule sets
    from Solaris 9 and have ip-forwarding enabled. IPFilter is working on the
    external interface, but none of the hosts on the internal network can
    connect through the router to the internet, but they can ping both
    interfaces.
    I had the same problem with Solaris 9 using ipfilter 4.x and had to go
    back to 3.4.35.
    ipfstat shows all rules are loaded and ipnat -l shows the rules, but no
    connections. ndd -get /dev/ip ip_forwarding returns 1.
    Following are my rules:
    ipf.conf
    block in log quick all with opt lsrr
    block in log quick all with opt ssrr
    block in log quick all with ipopts
    block in log quick proto tcp all with short
    block in log quick proto icmp all with frag
    block in log quick on qfe0 from 10.0.0.0/8 to any
    block in log quick on qfe0 from 127.0.0.0/8 to any
    block in log quick on qfe0 from 169.254.0.0/16 to any
    block in log quick on qfe0 from 172.16.0.0/12 to any
    block in log quick on qfe0 from 192.0.2.0/24 to any
    block in log quick on qfe0 from 192.168.0.0/16 to any
    block in log quick on qfe0 from 204.152.64.0/23 to any
    block in log quick on qfe0 from 224.0.0.0/3 to any
    block in log quick on qfe0 from aaa.aaa.aaa.0/24 to any
    block in log quick on qfe0 from any to aaa.aaa.aaa.0/32
    block in log quick on qfe0 from any to aaa.aaa.aaa.255/32
    block in log on qfe0 all
    block out quick on qfe0 proto tcp/udp from any port 136 >< 140 to any
    block out quick on qfe0 proto tcp/udp from any to any port 136 >< 140
    pass out quick on qfe0 proto tcp all flags S/SA keep state keep frags
    pass out quick on qfe0 proto udp all keep state keep frags
    pass out quick on qfe0 proto icmp all keep state keep frags
    pass out quick on qfe0 all
    pass in quick on lo0 all
    pass out quick on lo0 all
    pass in quick on hme0 all
    pass out quick on hme0 all
    ipnat.conf:
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port ftp ftp/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 7070 raudio/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 proxy port 1720 h323/tcp
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32 portmap tcp/udp auto
    map qfe0 aaa.aaa.aaa.0/24 -> bbb.bbb.bbb.bbb/32
    aaa.aaa.aaa.aaa = internal network
    bbb.bbb.bbb.bbb = external
    My routeadm statement shows:
    Configuration               Current          Current
    Option                      Configuration    System State
    IPv4 forwarding             enabled          enabled
    IPv4 routing                enabled          enabled
    IPv6 forwarding             disabled         disabled
    IPv6 routing                disabled         disabled
    IPv4 routing daemon         "/usr/sbin/in.routed"
    IPv4 routing daemon args    ""
    IPv4 routing daemon stop    "kill -TERM `cat /var/tmp/in.routed.pid`"
    IPv6 routing daemon         "/usr/lib/inet/in.ripngd"
    IPv6 routing daemon args    "-s"
    IPv6 routing daemon stop    "kill -TERM `cat /var/tmp/in.ripngd.pid`"
    Any suggestion what more checks I should do or what additional information is needed?
    Regards,
    Horst

