Subject: Usage of ipnat with 'rdr' command
To: current-users@NetBSD.ORG
From: Markus Kilbinger <>
List: current-users
Date: 06/08/1997 12:06:42

I tried to install a hidden telnet account behind a firewall using the
ipfilter packet of NetBSD-current (end of May). Installing the 'ipf'
stuff (blocking out all not telnet packages) works quite well, but the
redirection of the telnet connection through the firewall via 'rdr
...' doesn't work!?

Here are my steps for using ipf/ipnat:

1. '/usr/sbin/sysctl -w net.inet.ip.forwarding=0'

2. 'ipf -E -Fa -f /etc/ipf.conf'


    block in on ed1 all
    pass in on ed1 proto tcp from to any
    block out on ed1 all
    pass out on ed1 proto tcp from any to port = telnet
    block in on ed1 all with frag
    block in on ed1 proto tcp all with short

3. 'ipnat -f /etc/ipnat.conf'


    rdr ed0 port 7777 -> port telnet

4. '/usr/sbin/sysctl -w net.inet.ip.forwarding=1'

My ether devs are:

      mtu 1500
        address: 00:00:c0:f1:5e:c8
        inet netmask 0xffffff00 broadcast
      mtu 1500
        address: 00:00:c0:ac:c3:d3
        inet netmask 0xffffff00 broadcast

When trying to 'telnet 7777' from the 'ed0' net (a
192.11.100.x machine) I can see an arising ipnat rule with 'ipmon'
and 'ipnat -l', but no working telnet connection to

What's my mistake?