Subject: inside-in redirects
To: None <netbsd-users@netbsd.org>
From: Aaron J. Grier <agrier@poofygoof.com>
List: netbsd-users
Date: 06/30/2003 13:45:09

this is somewhat related to Caloro's setup.  I have a NetBSD box
providing NAT duties for my internal hosts; it looks like this:

(10.0.0.0/8) <--> (10.0.0.1 on le0) NAT (publicIP on le1) <--> internet

NAT is working fine, and port redirections are working from the internet
to my internal machines.  I'd like to hit the next step: inside-in port
redirects, i.e. connections to publicIP:80 need to be forwarded back into
the internal network.  I'd like to do this to avoid split DNS for my
public name.  right now hosts on the private network need to use private
names to access local services.  Ideally they should be able to use
either.

the standard outside-in redirect isn't applicable in this case:

map le1 10.0.0.0/16 -> 209.162.215.114/32 portmap tcp/udp 1025:65000
map le1 10.0.0.0/16 -> 209.162.215.114/32

rdr le1 0/0 port 80 -> 10.0.0.6 port 80 tcp

I've tried adding the following, but it doesn't seem to work:

rdr le0 10.0.0.0/8 port 80 -> 10.0.0.6 port 80 tcp

-- 
  Aaron J. Grier | "Not your ordinary poofy goof." | agrier@poofygoof.com
  "Isn't an OS that openly and proudly admits to come directly from Holy
   UNIX better than a cheap UNIX copycat that needs to be sued in court
   to determine what the hell it really is?"  --  Michael Sokolov
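
Added example, not part of the original post and not ipnat itself: a toy Python model of rdr-style destination matching applied to the rules quoted above, tracing an internal client that connects to the public address. The client address 10.0.0.50, the RDR_ASSUMED variant and the rewrite_source switch are assumptions made for illustration; the model assumes the rdr address field matches the packet's destination and that client and server share the 10.0.0.0/8 LAN.

```python
"""Toy model of rdr-style destination redirects (not ipnat itself)."""
from ipaddress import ip_address, ip_network

PUBLIC_IP = "209.162.215.114"  # public address from the post's map rules
NAT_INSIDE = "10.0.0.1"        # NAT box address on le0, from the post
CLIENT = "10.0.0.50"           # constructed internal client

# (interface, destination to match, port, new destination)
RDR_OUTSIDE = ("le1", "0.0.0.0/0", 80, "10.0.0.6")        # rule from the post
RDR_TRIED = ("le0", "10.0.0.0/8", 80, "10.0.0.6")         # rule from the post
RDR_ASSUMED = ("le0", PUBLIC_IP + "/32", 80, "10.0.0.6")  # hypothetical variant


def redirect(rules, iface, dst, dport):
    """Return the rewritten destination, or None when no rule matches."""
    for rule_if, rule_dst, rule_port, new_dst in rules:
        if (iface == rule_if and dport == rule_port
                and ip_address(dst) in ip_network(rule_dst)):
            return new_dst
    return None


def hairpin(rules, rewrite_source=False):
    """Trace CLIENT -> PUBLIC_IP:80 entering le0 and classify the outcome."""
    server = redirect(rules, "le0", PUBLIC_IP, 80)
    if server is None:
        return "no-match"  # packet is never redirected
    # The server replies to whatever source address it saw.
    seen_src = NAT_INSIDE if rewrite_source else CLIENT
    if seen_src == NAT_INSIDE:
        # Reply returns to the NAT box, which can undo both rewrites.
        reply_src = PUBLIC_IP
    else:
        # Client and server share the LAN: the reply skips the NAT box.
        reply_src = server
    return "ok" if reply_src == PUBLIC_IP else "reply-from-" + reply_src
```

In this model the rule tried on le0 never matches a packet addressed to the public IP, and a destination-only redirect still leaves the client receiving a reply from 10.0.0.6 instead of the address it connected to.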