I'm posting on behalf of a friend of mine, who gave me this information: kernel, sources of about last sunday noon (CEST): DragonFly gate.int.diddens.de 1.1-CURRENT DragonFly 1.1-CURRENT #0: Tue Aug 24 08:34:28 CEST 2004 p@gate.int.diddens.de:/usr/obj/usr/src/sys/APOLLO i386 upgraded from freebsd 4.10 beta system, build complete dragonflybsd world and kernel according to the website, using IPFW2=TRUE in make.conf and options IPFW2 in the kernel configuration network setup: 3 interfaces + PPPoE LAN: xl0 (192.168.0.0/24) PPPoE: tun0 over ed0 DMZ: ed2 (10.0.0.0/24) ed1 doesn't exist, ed2 is an ISA card natd is started via "natd -f /etc/natd.conf" /etc/natd.conf: interface tun0 use_sockets yes dynamic yes the ipfw configuration is: divert all from any to any via tun0 he also tried adding more finegrained rules (from 192.168.0.0/24 to any, etc) but that didn't change anything packets from ed2 to tun0 are processed by natd (so the source IP in the tcpdump would match the IP from tun0), those from xl0 to tun0 are not: tcpdump -n -i tun0: 21:01:32.337727 IP 192.168.0.100 > 216.240.41.25: icmp 64: echo request seq 1 21:01:33.347884 IP 192.168.0.100 > 216.240.41.25: icmp 64: echo request seq 2 the ipfw rule counter isn't counting thanks for help