Subject: IP-NAT / redirection problem...?
To: None <netbsd-help@netbsd.org>
From: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
List: netbsd-help
Date: 08/20/1998 13:22:29
Hello!

I've got the following NAT setup on my gateway box:

st /etc# cat /etc/ipnat.conf
map ppp0 10.0.0.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map ppp0 10.0.0.0/24 -> 0.0.0.0/32 portmap tcp/udp 10000:65000
map ppp0 10.0.0.0/24 -> 0.0.0.0/32
rdr ppp0 0.0.0.0/0 port www -> 10.0.0.5 port www
rdr ppp0 0.0.0.0/0 port ssh -> 10.0.0.5 port ssh

This works fine, except in one case. I'd like to have web connections that
originate from my local (10.0.0.x) network and that are aimed at my gateway
machine (10.0.0.1) be redirected to 10.0.0.5. However, doing something like
  rdr we0 0.0.0.0/0 port www -> 10.0.0.5 port www
seems to catch all www traffic originating locally and do something nasty
with it.

Basically, I want to be able to have internal hosts look up my gateway's
current IP address using my dynamic (Monolith-provided) domain name, and be
able to access my web server. With my current rules, this works fine for
hosts outside my network, but I can't seem to figure out a good way to do it
from within the home network.

What's the best way to achieve this sort of redirection? I don't see anything
helpful in the ipf, ipnat, or hosts.allow man pages...

PS: My reading of the ipnat man page suggests that my line reading
  map ppp0 10.0.0.0/24 -> 0.0.0.0/32
is redundant. Is this the case? Also, is there somewhere I can find
documentation on rdr and ipnat-based proxying?

Thanks in advance...

PPS: Once I get this working at home, I'll be implementing it at work,
on our NetBSD-based firewall and server systems. <grin> They're not in
production yet, pending our move to our new site in a month or so, but
they're being set up now. :)

-- 
Mason Loring Bliss..mason@acheron.middleboro.ma.us..acheron.dyn.ml.org/mason
"In the drowsy dark cave of the mind dreams build their nest with fragments
  dropped from day's caravan."--Rabindranath Tagore..awake ? sleep : dream;
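
The following is an added example, not part of the original message and not IPFilter's own code: a simplified Python model of how an rdr rule selects packets, showing why a 0.0.0.0/0 destination on we0 also captures LAN web traffic bound for the Internet. The narrowed 10.0.0.1/32 rule, the client 10.0.0.7 and the outside server 192.0.2.80 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

class Rdr(NamedTuple):     # models: rdr <iface> <dst> port <dport> -> <to_ip> port <to_port>
    iface: str
    dst: str
    dport: int
    to_ip: str
    to_port: int

class Packet(NamedTuple):  # a new TCP connection as it arrives on an interface
    iface: str
    src: str
    dst: str
    dport: int

def redirect(rules, pkt) -> Optional[Tuple[str, int]]:
    """Return the rewritten (destination, port) from the first matching rule, else None."""
    for r in rules:
        if (pkt.iface == r.iface and pkt.dport == r.dport and
                ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst)):
            return (r.to_ip, r.to_port)
    return None

def reply_bypasses_gateway(pkt, new_dst, lan="10.0.0.0/24") -> bool:
    """True when client and redirect target share the LAN: the server answers the
    client directly, so the reply never passes back through the NAT box."""
    net = ipaddress.ip_network(lan)
    return ipaddress.ip_address(pkt.src) in net and ipaddress.ip_address(new_dst) in net

# The rule from the message, and a constructed variant limited to the gateway address.
BROAD = [Rdr("we0", "0.0.0.0/0", 80, "10.0.0.5", 80)]
NARROW = [Rdr("we0", "10.0.0.1/32", 80, "10.0.0.5", 80)]

# Constructed sample packets from a LAN client at 10.0.0.7.
TO_INTERNET = Packet("we0", "10.0.0.7", "192.0.2.80", 80)
TO_GATEWAY = Packet("we0", "10.0.0.7", "10.0.0.1", 80)

if __name__ == "__main__":
    for name, rules in (("broad", BROAD), ("narrow", NARROW)):
        for pkt in (TO_INTERNET, TO_GATEWAY):
            hit = redirect(rules, pkt)
            direct = bool(hit) and reply_bypasses_gateway(pkt, hit[0])
            print(f"{name:6} {pkt.dst:12} -> {hit} direct_reply={direct}")
```

Even with the narrowed match, the model flags that 10.0.0.5 replies straight to a client on the same subnet, so the client sees an answer from an address it never contacted.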