Subject: Re: NAT in one direction, passing packets in the other
To: Steve Bellovin <email@example.com>
From: Todd Vierling <firstname.lastname@example.org>
Date: 09/28/2004 09:55:50
On Mon, 27 Sep 2004, Steve Bellovin wrote:
> Internet -- GWa ----------GWb---------
>                     |            |
>                   host1        host2
> GWa is a commercial "router" (i.e., a NAT box + hub), which I'll some
> day replace with NetBSD on a Soekris or some such. GWb runs NetBSD 2.0beta.
> On GWb, there are rules permitting host2 access to a few ports and machines
> on the Internet. All that works just fine. The problem is that I want to
> be able to ssh from host1 to host2. That isn't working properly, at
> least not when I tried the obvious 'map' command going back in the
> other direction. Any suggestions?
If GWb is a NAT machine too (i.e. two levels of NAT), you need "rdr", not
"map". If not, you might be missing some ipf rules -- mind posting
ipf.conf and ipnat.conf from GWb?
(Ewww. I hate typing those three letters together. Could you give the
machine a name, too? <chuckle>)
-- Todd Vierling <email@example.com> <firstname.lastname@example.org>
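
The "rdr" versus "map" distinction from the reply above, as an added example that is not part of the original thread or either poster's configuration. The interface names (fxp0 toward GWa and host1, fxp1 toward host2), every address, and the forwarded port 2222 are assumptions chosen for illustration.

```conf
# ---- /etc/ipnat.conf on GWb (assumed layout) ----
# fxp0 = outer side (GWa / host1 LAN), GWb's own address 192.168.1.2
# fxp1 = inner side (host2 LAN, 10.0.0.0/24), host2 = 10.0.0.10

# "map" rewrites the SOURCE of connections leaving through fxp0,
# so it only covers sessions that host2 opens toward the outside.
map fxp0 10.0.0.0/24 -> 192.168.1.2/32 portmap tcp/udp 40000:60000
map fxp0 10.0.0.0/24 -> 192.168.1.2/32

# "rdr" rewrites the DESTINATION of connections arriving on fxp0.
# host1 runs "ssh -p 2222 192.168.1.2" and is forwarded to host2:22.
# Port 2222 is used so that GWb's own sshd on port 22 is left alone.
rdr fxp0 192.168.1.2/32 port 2222 -> 10.0.0.10 port 22 tcp

# ---- /etc/ipf.conf on GWb (assumed layout) ----
# Inbound packets are translated before they are filtered, so the
# rule matches the post-rdr destination (host2 port 22), not 2222.
# The source is limited to host1 (assumed 192.168.1.10), not the LAN.
pass in quick on fxp0 proto tcp from 192.168.1.10/32 to 10.0.0.10/32 port = 22 flags S keep state

# Only needed when outbound traffic on fxp1 is blocked by default.
pass out quick on fxp1 proto tcp from 192.168.1.10/32 to 10.0.0.10/32 port = 22 flags S keep state
```

After editing, `ipnat -CF -f /etc/ipnat.conf` reloads the NAT rules and `ipnat -l` lists the active map and rdr entries along with current sessions.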