Subject: Re: can't reach web server inside firewall
To: None <netbsd-help@netbsd.org>
From: Henry Nelson <henry@irm.nara.kindai.ac.jp>
List: netbsd-help
Date: 06/29/2000 14:39:07
Thanks everyone (especially Bruce); it's working now.


> ipnat.conf:
> rdr ep0 172.61.104.166/32 port 80 -> 192.168.1.11/32 port 80 tcp
                         ^^                        ^^^
This appears to have been the major problem.  I still do not really
understand why that mask should be "0", so if anyone's up to explaining
it, I'd be VERY grateful.  That line was moved to the bottom of
ipnat.conf, and now reads:

rdr ep0 172.61.104.166/0 port 80 -> 192.168.1.11 port 80 tcp/udp


>  > ipf.conf:
[...]
> pass in quick on ep0 proto tcp from any to 192.168.1.11/32 port = 80 flags S/SA keep state

This is not what I started out with originally, and really was a stab in
the dark.  The following works fine (whether it's "right" or not is another
question :)

pass in quick on ep0 proto tcp/udp from any to 192.168.1.11/32 port = 80

henry nelson
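
As an added illustration (not part of the original message and not ipnat's own code), the sketch below models only the interface, destination address/mask, port and protocol part of `rdr` matching, to show which packets each of the two `rdr` lines quoted above selects. The packet destinations other than 172.61.104.166 are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import re

# The two rdr lines from the message: the original and the one that worked.
RULE_BEFORE = "rdr ep0 172.61.104.166/32 port 80 -> 192.168.1.11/32 port 80 tcp"
RULE_AFTER = "rdr ep0 172.61.104.166/0 port 80 -> 192.168.1.11 port 80 tcp/udp"

RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<dst>[\d.]+)/(?P<mask>\d+)\s+port\s+(?P<dport>\d+)"
    r"\s+->\s+(?P<target>[\d.]+)(?:/\d+)?\s+port\s+(?P<tport>\d+)\s+(?P<proto>\S+)$"
)

def parse_rdr(line):
    """Parse the simple 'rdr if addr/mask port N -> addr port N proto' form."""
    m = RDR_RE.match(line.strip())
    if m is None:
        raise ValueError("unsupported rdr line: %r" % line)
    return {
        "ifname": m["ifname"],
        # strict=False masks off host bits, so .166/0 becomes 0.0.0.0/0
        "net": ipaddress.ip_network(m["dst"] + "/" + m["mask"], strict=False),
        "dport": int(m["dport"]),
        "target": m["target"],
        "tport": int(m["tport"]),
        "protos": set(m["proto"].split("/")),
    }

def redirect(rule, ifname, dst_ip, dst_port, proto):
    """Return (target_ip, target_port) if the packet matches the rule, else None."""
    if ifname != rule["ifname"] or proto not in rule["protos"]:
        return None
    if dst_port != rule["dport"]:
        return None
    if ipaddress.ip_address(dst_ip) not in rule["net"]:
        return None
    return (rule["target"], rule["tport"])

def is_wildcard(rule):
    """True when the mask is /0, i.e. every destination address matches."""
    return rule["net"].prefixlen == 0

if __name__ == "__main__":
    # Constructed sample packets arriving on ep0: (dst_ip, dst_port, proto)
    packets = [("172.61.104.166", 80, "tcp"), ("172.61.104.167", 80, "tcp"),
               ("10.0.0.5", 80, "udp"), ("172.61.104.166", 22, "tcp")]
    for name, line in (("before", RULE_BEFORE), ("after", RULE_AFTER)):
        rule = parse_rdr(line)
        print(name, "net =", rule["net"], "wildcard =", is_wildcard(rule))
        for dst, port, proto in packets:
            print("  ", dst, port, proto, "->", redirect(rule, "ep0", dst, port, proto))
```

With the /0 mask, the rule applies to port 80 traffic arriving on ep0 regardless of its destination address; with /32 it applies only to packets addressed to 172.61.104.166 itself.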