Subject: Re: web server behind nat/ipf
To: Warrick, Bill (STL) <BWarrick@slpcapital.com>
From: Dr. Rene Hexel <rh@vip.at>
List: netbsd-help
Date: 08/21/2000 17:31:54
"Warrick, Bill (STL)" wrote:

> My ipnat.conf looks like
> 
> map ne2 192.168.0.0/24 -> 0/32
> rdr ep0 0/32 port 80 -> 192.168.0.200 port 80 tcp
> 
> Even though my ipf.conf is pretty wide open nothing outside my private
> network can get to the web server.

  Try

map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32 portmap tcp/udp 40000:60000
map ne2 192.168.0.0/24 -> XXX.XXX.XXX.XXX/32
rdr ne2 XXX.XXX.XXX.XXX/32 port 80 -> 192.168.0.200 port 80 tcp

  instead (where XXX.XXX.XXX.XXX is your "real" IP address, of course). 
As you can see, all translation is done on your external interface.  See
ipnat.conf(5) and /usr/share/examples/ipf for some more examples ...

  Cheers
      ,
   Rene
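
Added example, not part of the original message or of IPFilter: a small audit of the simple `map`/`rdr` forms used in this thread, listing which internal services an ipnat.conf exposes and flagging a `rdr` bound to an interface that no `map` rule uses. The function name `audit`, the address 203.0.113.10 standing in for XXX.XXX.XXX.XXX, and the interface-match heuristic (taken from the remark above that all translation is done on the external interface) are assumptions.

```python
import re

# Constructed sample inputs: the two rule sets from the thread, with the
# documentation address 203.0.113.10 standing in for XXX.XXX.XXX.XXX.
ORIGINAL = """\
map ne2 192.168.0.0/24 -> 0/32
rdr ep0 0/32 port 80 -> 192.168.0.200 port 80 tcp
"""
SUGGESTED = """\
map ne2 192.168.0.0/24 -> 203.0.113.10/32 portmap tcp/udp 40000:60000
map ne2 192.168.0.0/24 -> 203.0.113.10/32
rdr ne2 203.0.113.10/32 port 80 -> 192.168.0.200 port 80 tcp
"""

# Only the plain "map if src -> dst" and "rdr if ip port N -> ip port N [proto]"
# forms are recognised; anything else is reported as not parsed.
MAP_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)")
RDR_RE = re.compile(
    r"^rdr\s+(\S+)\s+(\S+)\s+port\s+(\S+)\s+->\s+(\S+)\s+port\s+(\S+)(?:\s+(\S+))?")

def audit(text):
    """Return (exposures, warnings) for the map/rdr lines of an ipnat.conf."""
    map_ifs, rdrs, warnings = set(), [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m, r = MAP_RE.match(line), RDR_RE.match(line)
        if m:
            map_ifs.add(m.group(1))
        elif r:
            rdrs.append((n,) + r.groups())
        else:
            warnings.append(f"line {n}: not parsed: {line}")
    exposures = []
    for n, ifname, ext, eport, host, iport, proto in rdrs:
        # Each rdr is an inbound exposure of an internal host and port.
        exposures.append((ifname, ext, eport, host, iport, proto or "unspecified"))
        if map_ifs and ifname not in map_ifs:
            warnings.append(f"line {n}: rdr on {ifname}, but map rules use "
                            f"{', '.join(sorted(map_ifs))}")
    return exposures, warnings

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, *audit(conf), sep="\n  ")
```
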