Subject: Re: Setting up NAT and then a firewall...
To: Sam Carleton <>
From: Manuel Bouyer <>
List: tech-security
Date: 07/22/2001 17:36:46
On Sun, Jul 22, 2001 at 09:52:03AM -0400, Sam Carleton wrote:
> I am under the impression that this is NOT the most ideal place to post
> this email.  Considering this question is solely about IP Filter, I
> would think that the IP FIlter mailing list would be ideal.  The
> problem, I posted this email there yesterday and had NO replies, nor
> seen anyone post anything else, what so ever.  Thus I am turning to you
> all, I hope you don't mind.
> ----------------------------------------------
> I am setting up my IP FIlter firewall.  But I thought I should get NAT
> working the way I want it first.
> I have a cable modem and am assigned an IP via DHCP.  I have a server
> behind the firewall that will host a web server, among other things.  I
> need incoming requests to port 22,25,80, and 443 on the outside NIC
> (iy0) to be redirected to the respected port on my web server
> (  With the below ipnat.conf, when I ssh'ed into the
> system, I ended up on the firewall, not the server.  At this
> time there is NO ipfilter rules.  What am I doing wrong?

Ha, NO ipfilter rules. ipfilter needs to be enabled for NAT to work.
Try 'ipf -E' to test.
You may want to create a dummy /etc/ipf.conf with just
pass in from any to any
and enable ipf in /etc/rc.conf, so that ipf -E will be run at boot.

Manuel Bouyer, LIP6, Universite Paris VI.