Subject: Re: can't reach web server inside firewall
To: None <netbsd-help@netbsd.org>
From: Henry Nelson <henry@irm.nara.kindai.ac.jp>
List: netbsd-help
Date: 06/28/2000 09:37:59

> Thought it would be easy to reach a web server on a home-lan.  No such
> luck.  Appending ipnat.conf and ipf.conf.  I can use the server within
> the home-lan, but I can't reach it from the outside.  Any help on where

Thanks to all the people who offered help.  I'm still not able to reach
the web server from outside yet.  Some more info and questions:

1) I can add the line,
"pass in quick on ep0 proto tcp from any to 192.168.1.11/32 port = 80",
to the very top of ipf.conf, or even change ipf.conf to pass every
packet in and out on ep0, and I still cannot reach the server.  The
behavior changes, though, when I do that.  With blocking as the
default, the browser tries to connect for the longest time, whereas
if I open up the firewall, the browser quits immediately with a
message that it can't reach the host.

2) If I look at `netstat -a` on the nat/ipf machine I see lines like:
tcp        0      0  *.telnet               *.*                    LISTEN.
There is no line having "*.http" or "*.www".  Should there be one?  If
it should be listening, how do I set it up to listen on port 80?

3) Does `ipf -E -Fa -f /etc/ipf.conf` revise the rules the kernel uses,
or do I have to reboot (which I've been doing) after editing ipf.conf
for the changes to take effect?

Again, TIA.

henry nelson