Subject: IPNat, IPF, and webservers...
To: '' <>
From: David Woyciesjes <>
List: tech-net
Date: 10/20/2000 10:17:03
********Please keep my name in the "Send To" field, because I need to be
approved to join the 'tech-net' apparently. Maybe because the University
uses e-mail address aliases.**********

	Happy Friday to everyone! I'm sure this is an easy question.
	I've set up the infamous NetBSD/i386 Firewall from, and
modified it to use RP-PPPoE to connect over the ADSL line. Now, all I want
is to allow http (port 80) traffic thru to machine I've RTFM,
read thru the mail archives, and thought I had the answer (shown below). So
I got that all in and restarted the firewall (BTW, aren't there commands to
renew the ipf and ipnat rules w/o rebooting?), and I can browse to fine
(from, but when I try to browse to 64.252.39.??
(from, I get the "No response, server could be down" message.

P.S. Does anyone use the redirection service on 

#!/sbin/ipnat -f -
# ex0 - (old ext.) connection to ISP, address
# ppp0- (new ext.) connection to SNET, DHCP address - 0/32 
# ep0 - (internal) network interface, address
rdr ppp0 0/32 port 80 -> port 80 tcp 
map ppp0 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 -> 0/32
#To make ftp work, using the internal ftp proxy, use:
map ppp0 -> 0/32 proxy port ftp ftp/tcp

#!/sbin/ipf -f -
# Prevent IP spoofing.
pass in quick on ppp0 proto tcp from any to port = 80
block in quick all with short

---   David A Woyciesjes
---   C & IS Support Specialist
---   Yale University Press
---   (203) 432-0953
---   ICQ # - 905818