Subject: Re: /kernel: arp: error message
To: None <netbsd-help@netbsd.org>
From: James K. Lowden <jklowden@schemamania.org>
List: netbsd-help
Date: 12/08/2001 15:49:05
On Sat, Dec 08, 2001 at 03:15:55PM -0500, Peter Mancuso wrote:
> 
> >map rl0 192.168.1.1/24
> >
> >may be causing 'syntax error 2: map'.  AFAIK, it's not a valid ipnat
> >rule
> 
> yes I figured that...I think I remember removing that line and the system 
> hung on startup or was no longer functional as a gateway
> 
> 192.168.1.2 is the address of a client machine using 192.168.1.1 as a 
> gateway to the internet...  what would the valid syntax be in ipnat.rules to 
> forward http + ftp + ssh, from computers on the subnet, to the first nic 
> (rl0) that's wired to the internet...

To the best of my knowledge, you need two and only two lines:

map rl0 192.168.1.0/24 -> 0/32 proxy port ftp ftp/tcp
map rl0 192.168.1.0/24 -> 0/32

I set the last octet to zero as a reminder that it's ignored on a
24-bit network.

Except for ftp, NAT cares not about the protocol (http/ssh/etc).  FTP
needs a proxy to deal with the data channel; that's what Line 1 does. 

I can't see any reason those two rules wouldn't do the job.

Regards, 

--jkl
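
Why FTP needs the proxy rule, as an added example that is not part of the original message and not ipnat's own code: an active-mode client puts its private address and data port in the PORT command, so an FTP-aware NAT has to rewrite that line and remember where the server's connection back should go. The public address 203.0.113.10, the mapped port and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample values (not from the original message).
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # subnet from the map rules
PUBLIC_ADDR = ipaddress.ip_address("203.0.113.10")   # assumed address on rl0

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (IPv4Address, port) from an FTP PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    addr = ipaddress.ip_address(".".join(map(str, nums[:4])))
    return addr, nums[4] * 256 + nums[5]


def rewrite_port(line, client_addr, mapped_port):
    """Rewrite a PORT command the way an FTP-aware NAT has to.

    Returns (new_line, expected_inbound); expected_inbound maps the public
    port to the inside (addr, port) the server's data connection is sent to.
    Lines that are not PORT commands pass through unchanged.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None
    addr, port = parsed
    # Check made by this example: the PORT must name the control-channel
    # client itself, inside the mapped subnet, so the gateway never opens
    # a path to some third host.
    if addr != client_addr or addr not in INSIDE_NET:
        raise ValueError("PORT address does not match the control-channel client")
    o = PUBLIC_ADDR.packed
    new_line = "PORT %d,%d,%d,%d,%d,%d\r\n" % (
        o[0], o[1], o[2], o[3], mapped_port >> 8, mapped_port & 0xFF)
    return new_line, {mapped_port: (addr, port)}
```

HTTP and SSH carry no addresses inside the payload, which is why the plain second map rule is enough for them.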