Routing to servers via NAT box
I think I have looked at this for too long and my brain is fried.
I have a box (old P166) running the July 1 snapshot. It has been
running doing NAT for a small LAN to an ADSL connection. Works fine.
Only line in pf.conf at present is:
nat on fxp0 from 192.168.1.0/24 to any -> fxp0
fxp0 is connection to ADSL
fxp1 is the LAN (192.168.1.0/24 bound address is .254)
Now for the problem:
fxp2 is the NIC for the servers. (It is configured as 203.x.y.209 for a
routed subnet 203.x.y.208/29)
From the box I can ping .209 (of course!) and a test server at .211
From across the internet I cannot ping either of those.
Running tcpdump on fxp0 shows that something is getting to the box:
18:51:35.145380 arp who-has 203.x.y.211 tell 10.0.0.138
(10.0.0.138 is the ADSL modem)
The IPv4 part of the routing table looks like:
Internet:
Destination        Gateway             Flags
default            165.a.b.1           UG
10.0.0.0           link#1              U
10.0.0.1           0:2:b3:8b:e2:21     UH
SpeedTouch.inhou   0:90:d0:3:8f:5f     UH
127.0.0.0          SpeedTouch.inhouse  UG
SpeedTouch.inhou   SpeedTouch.inhouse  UH
165.a.0.0          link#1              U
165.a.b.1          0:90:d0:3:8f:5f     UH
165.a.c.2          SpeedTouch.inhouse  UGH
192.168.1.0        link#2              U
203.x.y.208        link#3              U
stooges.inhouse.   SpeedTouch.inhouse  UGH
224.0.0.0          SpeedTouch.inhouse  U
Anybody care to wake me up?
Also what do I need to do to let the 192.168 LAN get to those servers
without NAT?
(I haven't got to that yet but I'm sure there will be a rule needed?)
TIA
Rod.
From the land "down under": Australia.
Do we look <umop apisdn> from up over?