netbsd-users: NAT in one direction, passing packets in the other

Subject: NAT in one direction, passing packets in the other
To: None <netbsd-users@netbsd.org>
From: Steve Bellovin <smb@research.att.com>
List: netbsd-users
Date: 09/27/2004 20:48:43

I have the following setup:


	Internet -- GWa ----------GWb---------
                            |            |
                          host1        host2

GWa is a commercial "router" (i.e., a NAT box + hub), which I'll some 
day replace with NetBSD on a Soekris or some such.  GWb runs NetBSD 2.0beta.
On GWb, there are rules permitting host2 access to a few ports and machines
on the Internet.  All that works just fine.  The problem is that I want to 
be able to ssh from host1 to host2.  That isn't working properly, at 
least not when I tried the obvious 'map' command going back in the 
other direction.  Any sgugestions?


		--Steve Bellovin, http://www.research.att.com/~smb