Subject: Re: rsh, rlogin, and rexec out of a IPNAT Network
To: None <netbsd-help@netbsd.org>
From: David S. <davids@idiom.com>
List: netbsd-help
Date: 07/06/2002 12:45:48
> I'm trying to figure out how to configure a NetBSD machine connected on
> the WAN side of an IP NAT router, to let me rexec and rlogin to it. I want to use
> a couple Windows machines with an X server running on them to communicate with
> the NetBSD box, but I can't seem to get past the authentication problems.
> 
> I have a feeling that stock NetBSD-1.5.X blocks requests from NAT'd IP address.

?????

Assuming that your NetBSD box isn't itself doing any localhost packet
filtering, the "problem" is most likely in your NAT router.  If you
read the man pages for 'rshd', 'rlogind', and 'rexecd', you'll see
that for any connection to one of those services, the server attempts
to open a second connection back to the client.  Check the logs of
your NAT-ing machine.  I'll bet you see blocked connections from the
NetBSD host.  Even if you allow connections from the port range the
NetBSD host uses, it still probably won't work, because as far as
any external host is concerned, all connections come from the NAT
host, so all return connections will go to that host.  External hosts
can't "see" anything behind the NAT router - which is, after all, the
whole point of NAT.

> 
> Is there a way to do this?

	- Use 'ssh' instead of 'rsh'/'rlogin'/'rexec'.
	- Run proxies for 'rsh'/'rlogin'/'rexec' on your NAT gateway.
	- Set up a tunnel from your internal network to the NetBSD
	   host, so that host has an interface on the internal network.
	- Do something else that I haven't thought of.

David S.
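
The back-connection failure described in the reply above, as an added example that is not part of the original message: a minimal model of a port-translating NAT and of the stderr port field an rsh client sends first (per the rshd man page). The addresses, ports, user names and the helper names `Nat` and `rsh_through_nat` are constructed for illustration.

```python
"""Added illustration: rshd's stderr back-connection versus a port-translating
NAT. Addresses, ports and user names are constructed sample values."""

def parse_rsh_preamble(data: bytes) -> dict:
    # The rsh client opens with four NUL-terminated fields:
    # stderr port (ASCII decimal, may be empty), client user, server user, command.
    fields = data.split(b"\0")
    if len(fields) < 5:  # four fields plus the empty tail after the last NUL
        raise ValueError("truncated rsh preamble")
    port, locuser, remuser, command = fields[:4]
    return {"stderr_port": int(port or b"0"), "locuser": locuser.decode(),
            "remuser": remuser.decode(), "command": command.decode()}

class Nat:
    """Minimal NAT model: only flows started from inside get a mapping."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port = public_ip, 40000
        self.table, self.blocked = {}, []

    def outbound(self, inside, remote):
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.table[public_port] = (inside, remote)
        return (self.public_ip, public_port)   # address the remote host sees

    def inbound(self, remote, public_port):
        entry = self.table.get(public_port)
        if entry is None or entry[1] != remote:
            self.blocked.append((remote, public_port))  # what the NAT log shows
            return None
        return entry[0]

def rsh_through_nat(nat, client, server, preamble):
    # Primary connection leaves the NAT; peer_ip is the NAT's address, not the client's.
    peer_ip, _ = nat.outbound(client, server)
    req = parse_rsh_preamble(preamble)
    if req["stderr_port"] == 0:
        return "no-stderr-channel"
    # rshd dials the peer address it saw, on the port the client named,
    # from a new source port (1021 here, constructed).
    inside = nat.inbound((server[0], 1021), req["stderr_port"])
    return "delivered" if inside else "blocked"

if __name__ == "__main__":
    nat = Nat("203.0.113.1")
    print(rsh_through_nat(nat, ("192.168.1.10", 1023), ("198.51.100.5", 514),
                          b"1022\0alice\0alice\0xterm\0"), nat.blocked)
```

The entry left in `nat.blocked` corresponds to the blocked connection from the NetBSD host that the reply expects to find in the NAT machine's logs.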
