Subject: Re: mapping ports with ipnat
To: None <port-i386@netbsd.org>
From: Bernd Sieker <bsieker@freenet.de>
List: port-i386
Date: 10/17/2001 17:46:41
On 17.10.01, 13:51:45, Matthias Winter wrote:
> hi,
> 
> i searched several bsd archives for good articles, and i found several, but
> none of them solved my problem.
> i have a netbsd 1.5 router (ipf , ipnat) to serve my lan. now i set up ipf
> (left the config file blank, because i need no rules at the moment) and set
> up ipnat like this:
> map ppp0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
> map ppp0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
> map ppp0 10.0.0.0/24 -> 0/32
> the nat translation works fine, but now i tried to map port 21 (for example)
> from the netbsd machine to an internal machine. the netbsd machine has the
> ip: 192.168.0.6 and the machine i want to redirect to is: 192.168.0.123. Now
> i added this line to ipnat.conf as i read in a nat howto:
> rdr rtk0 0.0.0.0/0 port 21 -> 192.168.0.123 port 21

You need to redirect connects to the _outside_ interface of the
router. 192.168.x.y is obviously the _inside_ interface (i.e. the one
on the private lan).

For a ppp interface this should then look something like:

rdr ppp0 0/0 port 21 -> 192.168.0.123 port 21

This works fine for me.

> but the redirect does not work. when i connect to the WAN ip (from the isp)
> i get either the netbsd ftp daemon, or i get connection refused if i disable
> ftp in inetd.conf..
> What i want is, that every traffic coming in over my ethernet interface
> connected to the isp (rtk0) is redirected to the internal machine and

It looks like your interface connected to the isp is _not_ rtk0, but
rather ppp0 (do you use DSL?). And notice that you use ppp0 for the
map rules as well. For DSL, rtk0 (or any other ethernet interface) is
just the underlying hardware interface, but is not the IP interface.

> backwards.. where is the error?
> regards ernesto
> p.s. i posted to de.comp.os.unix.networking but did not get any answers,
> that is why i try it here..
> 

-- 
Bernd Sieker

NetBSD: Microsoft ask you where you want to go, NetBSD gets you there
		-- David Brownlee
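
The interface mismatch discussed in this thread can be caught with a small check over ipnat.conf. The following is an added example, not part of the original messages and not a NetBSD tool: it assumes the interface named in the map rules is the outside IP interface, and its function names and the constructed sample (the rules quoted above) are hypothetical.

```python
import re

# Constructed sample: the rules quoted in the thread (map on ppp0, rdr on rtk0).
SAMPLE_BROKEN = """\
map ppp0 10.0.0.0/24 -> 0/32 proxy port ftp ftp/tcp
map ppp0 10.0.0.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ppp0 10.0.0.0/24 -> 0/32
rdr rtk0 0.0.0.0/0 port 21 -> 192.168.0.123 port 21
"""
# Same rules with the rdr line as given in the reply.
SAMPLE_FIXED = SAMPLE_BROKEN.replace("rdr rtk0 0.0.0.0/0", "rdr ppp0 0/0")

RULE = re.compile(r"^(map|bimap|rdr)\s+(\S+)\s+(.*)$")

def parse_rules(text):
    """Return (lineno, kind, interface, rest) for each map/bimap/rdr line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = RULE.match(line)
        if m:
            rules.append((lineno, m.group(1), m.group(2), m.group(3)))
    return rules

def check_rdr_interfaces(text):
    """Flag rdr rules bound to an interface that no map rule uses.

    Heuristic (an assumption of this example): the interface named in the
    map rules is the outside IP interface, so rdr rules for inbound
    connections should name the same one.
    """
    rules = parse_rules(text)
    outside = {ifname for _, kind, ifname, _ in rules if kind in ("map", "bimap")}
    findings = []
    if not outside:
        return findings  # no map rules, nothing to compare against
    for lineno, kind, ifname, _rest in rules:
        if kind == "rdr" and ifname not in outside:
            findings.append((lineno, ifname, sorted(outside)))
    return findings

if __name__ == "__main__":
    for lineno, ifname, outside in check_rdr_interfaces(SAMPLE_BROKEN):
        print(f"line {lineno}: rdr on {ifname}, but map rules use {', '.join(outside)}")
```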