Subject: Re: Configuring IPNat
To: None <netbsd-help@netbsd.org>
From: James Webster <James3838@tsi-net.com>
List: netbsd-help
Date: 07/28/1999 00:02:09
Still not working...   so I'm taking a different approach..
I have an extra IP, so I want to do a 1:1 mapping.  I've added the IP to
ifaliases, and want to confirm the following mapping makes sense.

rdr ep0 10.0.0.1/0 -> a.b.c.d/0        # changes source from 10.0.0.1 to a.b.c.d to all external (internet) ports
map ne1 a.b.c.d/0 -> 10.0.0.1/0    # changes destination from a.b.c.d to 10.0.0.1 for all ports

----- Original Message -----
From: James Webster <James3838@tsi-net.com>
To: <netbsd-help@netbsd.org>
Sent: Tuesday, July 27, 1999 9:51 AM
Subject: Re: Configuring IPNat


> Maybe I should have been more specific.  These are just the rules for these
> ports.  I have generic rules listed afterwards to handle generic
> redirection.
>
> Outbound is to the internet...
> Inbound is to my local machine...
>
> I need to allow connections (tcp) originated on port 47624 for 10.0.0.1 to
> go out on the internet on port 47624 (like a service).
> I need to allow connections (tcp/udp) originated on either the internet or
> the local machine on specific ports 2300-2400 and 28800-28912 to map to the
> same port range on the other side of the internet.  I don't (think) need
> 2400 to map to 2400, just 2400 to map to 2300-2400.
>
> That said, maybe I need the following change:
> map ep0 10.0.0.1/0 port 47624 -> 0.0.0.0/32 port 47624
> rdr ne1 0.0.0.0/32 tcp/udp port 2300:2400 -> 10.0.0.1/0 tcp/udp port 2300:2400
> map ep0 10.0.0.1/0 tcp/udp port 2300:2400 -> 0.0.0.0/32 tcp/udp port 2300:2400
> rdr ne1 0.0.0.0/32 tcp/udp port 28800:28912 -> 10.0.0.1/0 tcp/udp port 28800:28912
> map ep0 10.0.0.1/0 tcp/udp port 28800:28912 -> 0.0.0.0/32 tcp/udp port 28800:28912
>
> where the inbound rules use rdr to change to the local address (If I
> understood Frederick correctly).
>
> Would it be possible to update the man page such that this critical
> information is included?  The current format is atrocious and doesn't even
> explain the tags used.
>