netbsd-help: How to redirect through ipnat?

Subject: How to redirect through ipnat?
To: None <netbsd-help@netbsd.org>
From: Melnikov Denis <denis.melnikov@regent.ru>
List: netbsd-help
Date: 12/13/2005 16:30:21

Please help!

I'm really confused with ipf & ipnat.

|  Internet  |
+-----+------+
      |
100.100.200.200
     fxp0
+-----+------+
|  firewall  |
+-----+------+
     fxp1
10.0.0.1
      |
+-----+--------+
| Intranet     |
           +---+------------+
           | Remote Desktop |
           | 10.0.0.2:3389  |
           |  Web site      |
           | 10.0.0.2:80    |
           +----------------+

I need to access to Win2k Remote Desktop (port 3389)
from Internet. And to HTTP-port too.
What minimal settings of kernel, ipf, ipnat should I use?

I tried to set:

options GATEWAY

ipnat.conf:

map fxp0 10.0.0.0/16  -> 0.0.0.0/32  portmap tcp/udp 40000:60000
map fxp0 10.0.0.0/16  -> 0.0.0.0/32
rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 80 tcp
rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 80 udp
rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 3389 tcp
rdr fxp0 100.100.200.200/32 port 3389 -> 10.0.0.2 port 3389 udp