Subject: named inside firewall
To: None <netbsd-help@netbsd.org>
From: Henry Nelson <henry@irm.nara.kindai.ac.jp>
List: netbsd-help
Date: 12/12/2000 21:58:08

Since moving my name server inside a firewall, I can no longer
do lookups on other clients inside the firewall, while lookup
requests originating from outside the firewall work fine.  The
error message I get from nslookup is "can't find server name for
address aaa.bbb.ccc.149: No response from server."  From telnet
or ftp I get: "Host name lookup failure."  Somewhat unique about
the ipf/ipnat box is that its external NIC has two IPs.  The one
that is an alias is the name server.

/etc/ipnat.conf looks like:
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 proxy port ftp ftp/tcp
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 portmap tcp/udp 40000:60000
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32
rdr ep0 aaa.bbb.ccc.21/0 port 80 -> 192.168.2.21 port 80 tcp/udp
rdr ep0 aaa.bbb.ccc.149/0 port 53 -> 192.168.2.149 port 53 tcp/udp

/etc/ifconfig.ep0 looks like:
aaa.bbb.ccc.21 netmask 0xffffff00
aaa.bbb.ccc.149 netmask 0xffffffff alias

Any ideas much appreciated.  TIA.

henry nelson