Yes, the firewall is set as the gateway. And thanks for the commands...

---   David A Woyciesjes
---   C & IS Support Specialist
---   Yale University Press
---   mailto:david.woyciesjes@yale.edu
---   (203) 432-0953
---   ICQ # - 905818


-> -----Original Message-----
-> From: Mike Pelley [mailto:mike@pelley.com]
-> Sent: Friday, October 20, 2000 2:46 PM
-> To: David Woyciesjes
-> Cc: NetBSD Tech-Net
-> Subject: Re: IPNat, IPF, and webservers...
-> 
-> 
-> I haven't looked at the stuff at dubbele.com but here are 
-> some thoughts.
-> 
-> > Now, all I want is to allow http (port 80) traffic thru to machine
-> > 10.10.10.10.
-> [stuff deleted]
-> > rdr ppp0 0/32 port 80 -> 10.10.10.10 port 80 tcp
-> 
-> One thing to check - the default gateway for 10.10.10.10 
-> must be the NetBSD
-> machine so ipnat can rewrite the reply packets.  I imagine 
-> you would have
-> set it that way but maybe not.
-> 
-> > BTW, aren't there command to renew the ipf and ipnat rules 
-> w/o rebooting?
-> 
-> To renew ipnat rules without disconnecting current sessions 
-> you can use
-> "ipnat -C -f /etc/ipnat.conf", and to renew ipfilter rules 
-> you can use
-> "ipf -Fa -f /etc/ipf.conf".
-> 
-> 
->