Subject: Setting up NAT and then a firewall...
To: NetBSD Tech-Security <>
From: Sam Carleton <>
List: tech-security
Date: 07/22/2001 09:52:03
I am under the impression that this is NOT the most ideal place to post
this email.  Considering this question is solely about IP Filter, I
would think that the IP FIlter mailing list would be ideal.  The
problem, I posted this email there yesterday and had NO replies, nor
seen anyone post anything else, what so ever.  Thus I am turning to you
all, I hope you don't mind.
I am setting up my IP FIlter firewall.  But I thought I should get NAT
working the way I want it first.

I have a cable modem and am assigned an IP via DHCP.  I have a server
behind the firewall that will host a web server, among other things.  I
need incoming requests to port 22,25,80, and 443 on the outside NIC
(iy0) to be redirected to the respected port on my web server
(  With the below ipnat.conf, when I ssh'ed into the
system, I ended up on the firewall, not the server.  At this
time there is NO ipfilter rules.  What am I doing wrong?

map iy0 -> 0/32 proxy port ftp ftp/tcp
map iy0 -> 0/32 portmap tcp/udp 40000:60000
map iy0 -> 0/32

rdr iy0 0/32 port 22 -> port 22
rdr iy0 0/32 port 25 -> port 25
rdr iy0 0/32 port 80 -> port 80
rdr iy0 0/32 port 443 -> port 443

I have also tried replacing the 0/32 in the rdr commands with