仔细参考精华后设置IPF+NAT，还是有点问题，请帮忙

royce

碰到的问题：设置好后我在主机上运行ipnat -l看到如下提示
ipnat -l
List of active MAP/Redirect filters:
MAP 192.168.1.85        1397 <- ->;192.168.0.222 22581 [61.13.177.198 53]
MAP 192.168.1.85        1397 <- ->;192.168.0.222 22581 [61.13.177.197 53]
MAP 192.168.1.85        1396 <- ->;192.168.0.222 22580 [61.13.177.198 53]
MAP 192.168.1.85        137 <- ->;192.168.0.222 22581 [192.168.1.87 137]
而192.168.1.85这台机开网页没反映，ping也ping不到，但是主机上确实显示了，不知道哪里有问题，具体情况如下

NAT情况：主机外网网卡为dc0,IP=192.168.0.222(局域网给的地址） netmask=255.255.255.0  ,内网网卡为dc1,IP=192.168.1.1 netmask=255.255.255.252  ,client机只有一台(做实验，可以的话就让这台机器带整个网）,IP=192.168.1.85 netmask=255.255.255.252,目标是让主机带动client透明代理，能上qq和玩各种网络游戏

配置情况：
www# cat /etc/ipnat.conf
map dc0 192.168.0.0/16 ->; 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.1.0/24 ->; 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 ->; 0.0.0.0/32

www# cat /etc/ipf.conf
block in all
block out all

# Possibly dangerous: packets with ip-options, short and fragmented packets
block in log quick on dc0 proto icmp from any to any
block in log quick all with short
block in log quick all with ipopts
block in log quick all with frag
block in log quick all with opt lsrr
block in log quick all with opt ssrr

# Local network traffic is allowed
pass out quick on lo0 all
pass in quick on lo0 all
pass out on dc1 all
pass in on dc1 all

# The pass rules to enable Services
pass in on dc0 proto tcp from any to any port = 20 flags S keep state
pass in on dc0 proto tcp from any to any port = 21 flags S keep state
pass in on dc0 proto tcp from any to any port = 22 flags S keep state
pass in on dc0 proto tcp from any to any port = 25 flags S keep state
pass in on dc0 proto tcp from any to any port = 80 flags S keep state
pass in on dc0 proto tcp from any to any port = 110 flags S keep state
pass in on dc0 proto tcp from any to any port = 443 flags S keep state
pass in on dc0 proto tcp from any to any port 55000 >;< 56000 flags S keep state

# The general pass rules.
pass out quick on dc0 proto tcp from any to any flags S/SAFR keep state keep frags
pass out quick on dc0 proto udp from any to any keep state keep frags
pass out quick on dc0 proto icmp from any to any keep state keep frags

剑心通明

www# cat /etc/ipnat.conf
map dc0 192.168.0.0/16 ->; 0.0.0.0/32 proxy port ftp ftp/tcp
map dc0 192.168.1.0/24 ->; 0.0.0.0/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 ->; 0.0.0.0/32

换成：
www# cat /etc/ipnat.conf
map dc0 192.168.1.0/24 ->; 192.168.0.222/32 portmap tcp/udp auto
map dc0 192.168.1.0/24 ->; 192.168.0.222/32
map dc0 192.168.0.0/16 ->; 192.168.0.222/32 proxy port ftp ftp/tcp

试试。
另外可以把ipf.conf先写成
pass in all
pass out all