Subject: NAT 1:1 mappings
To: None <tech-net@netbsd.org>
From: Chris Jones <cjones@rupert.honors.montana.edu>
List: tech-net
Date: 04/02/1999 11:26:48

I hope you all don't mind another NAT question -- the last time I read
this list, there were quite a few of those.

I'm trying to get NAT working with a 1:1 mapping of external to
internal IP addresses.  I'd like to get it to pass through incoming
connections to the appropriate internal IP.

I've got my NAT machine at 153.90.240.170, and I want to make it
forward packets for 153.90.240.181 from de0 to 10.1.240.181 on de1.
But, of course, if I "ifconfig de0 alias 153.90.240.181", the NAT
machine starts accepting packets for the hidden machine.

If I use a "map" rule in ipnat.conf, it only works for outgoing
connections.  Once the connection is established, packets can go in
both directions; but I'd like it to allow incoming connections, too.

I can use "rdr de0 153.90.240.181/32 port 23 -> 10.1.240.181/32 port 23 tcp",
but I have to specify that for each service on the machine.  Making
things like NFS work becomes a real pain this way.

In case anybody's wondering why I want to do this silly thing, it's
because management has decided we're going to have a firewall, and the
network people aren't able to give us a subnet to put our machines in.

Thanks in advance for any advice, and please CC: me in any discussion,
since I no longer read this list.

Chris

-- 
-----------------------------------------------------cjones@math.montana.edu
Chris Jones                                          cjones@honors.montana.edu
           Mad scientist at large                    cjones@nervana.montana.edu
"Is this going to be a stand-up programming session, sir, or another bug hunt?"