Subject: Re: problems with route-firewall
To: jandemore <>
From: Steve Woodford <>
List: tech-net
Date: 07/31/2002 13:04:34
On Tue, 30 Jul 2002, jandemore wrote:

> We have a firewall running in NetBSD with 4 ethernet cards.
> The first one ( with the ip is connected to ADSL router (with
> ip
> The second one ( to a lan (
> The third one ( to a lan (
> The second one ( to a lan (

Your ipnat.conf can be simplified to just three rules:

  # fxp0 - (external) connection to ISP, address
  map fxp0 -> proxy port ftp ftp/tcp
  map fxp0 -> portmap tcp/udp auto
  map fxp0 ->

That's all you need in order to NAT your internal address space to your
single ISP-assigned address.

Replace "auto" with 20000:65000 (or whatever) if you want manual control
over the port reassignments.

Cheers, Steve


Wasabi Systems Inc. - The NetBSD Company -