Subject: Re: PPP NAT inbound mapping ports
To: None <port-mac68k@netbsd.org>
From: T&B <list.mac68k@tandb.com.au>
List: port-mac68k
Date: 08/10/2001 19:49:06
>> So, for http, you would add this to /etc/ipnat.conf then restart
>> ipnat (assuming ae0 is your external interface):
>> rdr ae0 0.0.0.0/0 port 80 -> 192.168.1.220 port 80 tcp
>
> I tried this ipnat.conf file:
>
> map ppp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
> map ppp0 192.168.1.0/24 -> 0.0.0.0/32
> rdr ppp0 0.0.0.0/0 port 25 -> 192.168.1.218 port 25 tcp
> rdr ppp0 0.0.0.0/0 port 80 -> 192.168.1.220 port 80 tcp
> rdr ppp0 0.0.0.0/0 port 53 -> 192.168.1.219 port 53 tcp
>
> Internal clients reach outside servers okay, but outside connections to internal servers fail.

Aha! The problem was the ipf.conf file which did not have any entries allowing requests on those ports to be forwarded. Once I added:

pass in quick on ppp0 from any to any port = 22
pass in quick on ppp0 from any to any port = 80
pass in quick on ppp0 from any to any port = 53

inbound mapping works okay! Woohoo!

But, now I need to only allow web requests (port 80) on the external IP 203.57.42.254, but none of the other IP addresses that get routed to my connection (I have a class C of 203.57.42.1 - 203.57.42.254). How do I do this so port 80 into 203.57.42.254 is passed but, say, to 203.57.42.100 is blocked?

I need this to reduce the hits from the cursed Code Red virus attempts by a factor of 254.

Thanks,
Tom
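One way to get the behaviour asked about above, as an added example that is not part of this thread: narrow the rdr rule from 0.0.0.0/0 to the single public address, and match the filter rule on the translated destination, since IPFilter applies inbound NAT before the ipf rules are evaluated. The interface name, addresses and file paths are taken from the messages above; the log keyword is an assumption for feeding the blocked hits to ipmon.

```conf
# --- /etc/ipnat.conf (assumed layout) ---
# Weak: every address routed to ppp0 is redirected on port 80.
# rdr ppp0 0.0.0.0/0 port 80 -> 192.168.1.220 port 80 tcp
#
# Corrected: only the one public address is redirected; packets for
# the other 253 addresses keep their original destination.
map ppp0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map ppp0 192.168.1.0/24 -> 0.0.0.0/32
rdr ppp0 203.57.42.254/32 port 80 -> 192.168.1.220 port 80 tcp

# --- /etc/ipf.conf (assumed layout) ---
# Weak: passes port 80 to any destination, redirected or not.
# pass in quick on ppp0 from any to any port = 80
#
# Corrected: inbound NAT runs before filtering, so the redirected
# packet arrives here with destination 192.168.1.220; pass only that.
pass in quick on ppp0 proto tcp from any to 192.168.1.220 port = 80
# Everything else aimed at port 80 on the /24 is dropped and logged
# (the Code Red probes show up in ipmon instead of reaching a host).
block in log quick on ppp0 proto tcp from any to 203.57.42.0/24 port = 80
```

Reload with `ipf -Fa -f /etc/ipf.conf` and `ipnat -CF -f /etc/ipnat.conf`, then confirm with `ipnat -l` that only the /32 rdr entry remains.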