Subject: Re: The NAT solution
To: Sam Carleton <>
From: Cy Schubert - ITSD Open Systems Group <>
List: tech-security
Date: 07/22/2001 15:34:15
In message <>, Sam Carleton writes:
> If you were not following along with the problem I had, the rdr rules
> in my nat file were not working.  Someone sent me a private email that
> resolved the problem.   I had:
> rdr iy0 0/32 port 443 -> 192.168.0.x port ??? tcp
> But 0/32 is not valid in a rdr, I had to use the real ip address.  Now I
> simply need to write a script that will update the nat table every time
> my IP changes...
> I am off to do some dhclient_script hacking!

You don't need to hack anything.  Here is an example from one of the 
firewalls I manage.

rdr xl0 0/0 port 25 -> port 25 tcp
map xl0 -> proxy port ftp ftp/tcp
map xl0 -> proxy port kftp ftp/tcp
map xl0 -> portmap tcp/udp 40000:60000
map xl0 ->
# map xl0 -> proxy port ekshell rcmd/tcp
# map xl0 -> proxy port kshell rcmd/tcp
# map xl0 -> proxy port shell rcmd/tcp
map xl0 -> proxy port ftp ftp/tcp

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:
Open Systems Group, ITSD, ISTA
Province of BC
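As an added example (not part of either message above): the lease hook Sam was about to write, done without editing dhclient-script. ISC dhclient's script sources /etc/dhclient-exit-hooks after each lease event and exports $reason, $interface, $new_ip_address and $old_ip_address; the script below renders an ipnat rule set that names the real address (the form Sam got working) and reloads it with `ipnat -CF -f`. With the rule forms in Cy's file none of this is needed: `0/0` on an rdr matches any destination address on the interface and `0/32` as a map target means the interface's own address, so neither rule changes when the lease does. The interface name iy0, the LAN host 192.168.0.10, the 192.168.0.0/24 LAN range, the config path and the rule set are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Intended to be installed as
# /etc/dhclient-exit-hooks on an IP Filter host. Placeholders: iy0,
# 192.168.0.0/24, 192.168.0.10 and IPNAT_CONF.
IPNAT_CONF=${IPNAT_CONF:-/etc/ipnat.conf}
LAN_HOST=${LAN_HOST:-192.168.0.10}
LAN_NET=${LAN_NET:-192.168.0.0/24}

# Print an ipnat rule set for external interface $1 whose current address is
# $2, redirecting inbound HTTPS to internal host $3. The rdr line pins the
# real address (Sam's working form, which is why it must be regenerated);
# the map lines use 0/32, the interface's own address, and never change.
render_ipnat_conf() {
    ext_if=$1; ext_addr=$2; lan_host=$3
    cat <<EOF
# generated for $ext_if at $ext_addr; 0/32 is not valid as an rdr source
rdr $ext_if $ext_addr/32 port 443 -> $lan_host port 443 tcp
map $ext_if $LAN_NET -> 0/32 portmap tcp/udp 40000:60000
map $ext_if $LAN_NET -> 0/32
EOF
}

# Lease event handler: $1 reason, $2 interface, $3 new address, $4 old address.
# Only binding events with a changed address rewrite and reload the rules;
# ipnat -CF flushes both the rule list and the active mappings (existing NAT
# sessions are dropped, which is unavoidable when the address changed), then
# -f loads the new file.
on_lease() {
    reason=$1; ifname=$2; addr=$3; old=$4
    case $reason in
        BOUND|RENEW|REBIND|REBOOT) ;;
        *) return 0 ;;               # EXPIRE, FAIL, etc.: nothing to redirect to
    esac
    [ -n "$addr" ] || return 1       # a binding event with no address is an error
    [ "$addr" != "$old" ] || return 0  # RENEW with the same address: keep sessions
    render_ipnat_conf "$ifname" "$addr" "$LAN_HOST" > "$IPNAT_CONF.tmp" || return 1
    mv "$IPNAT_CONF.tmp" "$IPNAT_CONF" || return 1
    ipnat -CF -f "$IPNAT_CONF"
}

# dhclient-script sets $reason when it sources this file; when run by hand
# for inspection, $reason is empty and nothing is touched.
if [ -n "$reason" ]; then
    on_lease "$reason" "$interface" "$new_ip_address" "$old_ip_address"
fi
```

The address check runs before anything is written, so a malformed lease cannot leave a half-written config behind, and the temp-file-then-mv keeps ipnat from ever loading a partial file. Note that `0/32` appears only on the right-hand side of map rules, which is the one place ipnat accepts it.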