Subject: Re: can't reach web server inside firewall
To: Henry Nelson <henry@irm.nara.kindai.ac.jp>
From: Berndt Josef Wulf <wulf@ping.net.au>
List: netbsd-help
Date: 06/28/2000 08:24:58
Henry Nelson wrote:
> Thought it would be easy to reach a web server on a home-lan.  No such
> luck.  Appending ipnat.conf and ipf.conf.  I can use the server within
> the home-lan, but I can't reach it from the outside.  Any help on where
> I've gone wrong, or what else I need to setup much appreciated.  TIA
> 
> henry nelson
> 
> ipnat.conf:
> rdr ep0 172.61.104.166/32 port 80 -> 192.168.1.11/32 port 80 tcp
> map ep0 192.168.1.1/24 -> 172.61.104.166/32 proxy port ftp ftp/tcp
> map ep0 192.168.1.1/24 -> 172.61.104.166/32 portmap tcp/udp 40000:60000
> map ep0 192.168.1.1/24 -> 172.61.104.166/32
> 
> ipf.conf:
> block in quick all with opt lsrr
> block in quick all with opt ssrr
> block in quick all with ipopts
> pass in on ne0 all
> pass out on ne0 all
> pass in on lo0 all
> pass out on lo0 all
> block in on ep0 all
> block out on ep0 all
> block in quick on ep0 from 10.0.0.0/8 to any
> block in quick on ep0 from 192.168.0.0/16 to any
> block in quick on ep0 from 172.16.0.0/12 to any
> pass out on ep0 proto tcp/udp from any to any keep state
> pass in quick on ep0 proto tcp from any to 192.168.1.11/32 port = 80 flags S/SA keep state

Try placing 

pass in quick on ep0 proto tcp from any to 192.168.1.11/32 port = 80

before the line containing

block in quick on ep0 from 192.168.0.0/16 to any

cheerio Berndt
-- 
Name    : Berndt Josef Wulf            | +++ With BSD on Packet Radio +++
E-Mail  : wulf@ping.net.au             |    tfkiss, tnt, dpbox, wampes
ICQ     : 18196098                     |  VK5ABN, Nairne, South Australia 
URL     : http://www.ping.net.au/~wulf | MBOX : vk5abn@vk5abn.#lmr.#sa.au.oc
Sysinfo : DEC AXPpci33+, NetBSD-1.4.2  | BBS  : vk5abn.#lmr.#sa.aus.oc
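Added example, not part of the thread: a small Python model of how IPFilter walks the inbound ep0 rules posted above (a rule marked quick decides at its first match, otherwise the last matching rule decides), with the rdr translation applied first, as ipnat does for inbound traffic. The rule and packet encodings are simplified, the IP-option, ne0 and lo0 rules are left out, and the client addresses are constructed; the list SUGGESTED encodes the reordering proposed in the reply.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str           # "pass" or "block"
    quick: bool           # quick: stop evaluating on a match
    iface: str            # interface the rule applies to
    src: Optional[str]    # source CIDR, None = any
    dst: Optional[str]    # destination CIDR, None = any
    dport: Optional[int]  # TCP destination port, None = any

    def matches(self, pkt):
        in_net = lambda ip, net: net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (pkt["iface"] == self.iface and in_net(pkt["src"], self.src)
                and in_net(pkt["dst"], self.dst)
                and (self.dport is None or pkt.get("dport") == self.dport))

# Inbound ep0 rules from the posted ipf.conf, in the posted order (the IP-option,
# ne0 and lo0 rules are left out: none of them can match an ep0 TCP packet).
CATCHALL = Rule("block", False, "ep0", None, None, None)
RFC1918 = [Rule("block", True, "ep0", n, None, None)
           for n in ("10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]
WEB = Rule("pass", True, "ep0", None, "192.168.1.11/32", 80)
POSTED = [CATCHALL, *RFC1918, WEB]
# The order suggested in the reply: WEB ahead of the 192.168.0.0/16 block.
SUGGESTED = [CATCHALL, RFC1918[0], WEB, RFC1918[1], RFC1918[2]]

def rdr(pkt):
    """ipnat 'rdr ep0 172.61.104.166/32 port 80 -> 192.168.1.11/32 port 80 tcp'.
    Inbound NAT runs before the filter, so ipf sees the translated destination."""
    if pkt["iface"] == "ep0" and pkt["dst"] == "172.61.104.166" and pkt.get("dport") == 80:
        return {**pkt, "dst": "192.168.1.11"}
    return pkt

def filter_inbound(rules, pkt):
    """IPFilter semantics: scan top to bottom; a quick match decides at once,
    otherwise the last matching rule decides. Returns (action, rule index)."""
    pkt = rdr(pkt)
    decision = ("pass", None)  # nothing matched: IPFilter's default is pass
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            decision = (rule.action, i)
            if rule.quick:
                break
    return decision

# Constructed sample packets; 203.0.113.5 is a documentation address standing in for an outside client.
OUTSIDE_WEB = {"iface": "ep0", "src": "203.0.113.5", "dst": "172.61.104.166", "dport": 80}
OUTSIDE_SSH = {"iface": "ep0", "src": "203.0.113.5", "dst": "172.61.104.166", "dport": 22}
SPOOFED_WEB = {"iface": "ep0", "src": "192.168.7.7", "dst": "172.61.104.166", "dport": 80}
```

Running filter_inbound over POSTED and SUGGESTED with SPOOFED_WEB shows the cost of the reordering: once the quick pass rule sits ahead of the 192.168.0.0/16 block, a packet arriving on ep0 with a forged private source address reaches the web server, which is why anti-spoofing blocks are normally kept above any quick pass rule.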