Jeffrey Hsu skrev: Now that we have IPFW2 working (or will soon) thanks to Gary Allan's tracking down the problem with ethernet headers, I wouldn't mind getting rid of IPFW1. But IPFW2 still uses natd right? It's a ridicilously bad design of a NAT system, it kills every mapping you have if you wanna load up a new config. - Erik