Subject: ipnat - rdr rules
To: NetBSD Misc Tech <tech-misc@netbsd.org>
From: Al B. Snell <alaric@alaric-snell.com>
List: tech-misc
Date: 02/24/2001 01:07:38
Ok, I have a situation where a server sits on a private non-routed LAN
(10.3.*), along with a machine that has an external network connection.

The external-facing machine has three alias IP addresses on its
external interface, and I want all traffic to those to go to the
corresponding three internal non-routed IPs.

Currently, I have rdr rules for individual ports:

rdr fxp0 1.2.3.70/32 port 80 -> 10.3.0.2 port 80 tcp
rdr fxp0 1.2.3.70/32 port 21 -> 10.3.0.2 port 21 tcp
rdr fxp0 1.2.3.70/32 port 110 -> 10.3.0.2 port 110 tcp
rdr fxp0 1.2.3.70/32 port 25 -> 10.3.0.2 port 25 tcp
rdr fxp0 1.2.3.70/32 port 443 -> 10.3.0.2 port 443 tcp
rdr fxp0 1.2.3.70/32 port 7070 -> 10.3.0.2 port 7070 tcp
rdr fxp0 1.2.3.71/32 port 80 -> 10.3.0.3 port 80 tcp
rdr fxp0 1.2.3.71/32 port 21 -> 10.3.0.3 port 21 tcp
rdr fxp0 1.2.3.71/32 port 110 -> 10.3.0.3 port 110 tcp
rdr fxp0 1.2.3.71/32 port 25 -> 10.3.0.3 port 25 tcp
rdr fxp0 1.2.3.71/32 port 443 -> 10.3.0.3 port 443 tcp
rdr fxp0 1.2.3.71/32 port 7070 -> 10.3.0.3 port 7070 tcp
rdr fxp0 1.2.3.72/32 port 5631 -> 10.3.0.4 port 5631 udp

...but I'd ideally like to just map the entire port ranges for each IP in
turn, and use IP filters to restrict that as I wish to.

I also need the internal interfaces to be able to talk to the Internet, as
if from the external IPs. Will this work:

map fxp0 10.3.0.2/32 -> 1.2.3.70/32
map fxp0 10.3.0.3/32 -> 1.2.3.71/32
map fxp0 10.3.0.4/32 -> 1.2.3.73/32

...that's the kind of rule layout I'd like to be using for the rdrs.

bimap isn't very well explained in the man page (well, I don't understand
it anyway :-). Is that what I really need?

ABS

-- 
                               Alaric B. Snell
 http://www.alaric-snell.com/  http://RFC.net/  http://www.warhead.org.uk/
   Any sufficiently advanced technology can be emulated in software
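As an added example, not part of the original post or of ipnat itself: a small Python checker that parses just the two rule shapes used above (per-port `rdr` and host-to-host `map`), summarises which ports each internal host exposes, and flags an inbound/outbound mismatch where a host is reached through one external alias but has its outbound traffic mapped to a different one. Run on the rules quoted in the post it reports that 10.3.0.4 is reached via 1.2.3.72 while its map rule uses 1.2.3.73. The regexes, function names and the single-file layout are my own assumptions; the rule text is the post's.

```python
import re
from collections import defaultdict

# Assumption: only the two rule shapes from the post are accepted.
#   rdr <if> <ext>/<mask> port <p> -> <int> port <p> <proto>
#   map <if> <int>/<mask> -> <ext>/<mask>
RDR_RE = re.compile(
    r'^rdr\s+(?P<ifname>\S+)\s+(?P<ext>[\d.]+)/\d+\s+port\s+(?P<eport>\d+)'
    r'\s+->\s+(?P<int>[\d.]+)\s+port\s+(?P<iport>\d+)\s+(?P<proto>\S+)$')
MAP_RE = re.compile(
    r'^map\s+(?P<ifname>\S+)\s+(?P<int>[\d.]+)/\d+\s+->\s+(?P<ext>[\d.]+)/\d+$')

# Constructed sample: the rdr and map rules from the post, in one file.
SAMPLE_RULES = """
rdr fxp0 1.2.3.70/32 port 80 -> 10.3.0.2 port 80 tcp
rdr fxp0 1.2.3.70/32 port 21 -> 10.3.0.2 port 21 tcp
rdr fxp0 1.2.3.70/32 port 110 -> 10.3.0.2 port 110 tcp
rdr fxp0 1.2.3.70/32 port 25 -> 10.3.0.2 port 25 tcp
rdr fxp0 1.2.3.70/32 port 443 -> 10.3.0.2 port 443 tcp
rdr fxp0 1.2.3.70/32 port 7070 -> 10.3.0.2 port 7070 tcp
rdr fxp0 1.2.3.71/32 port 80 -> 10.3.0.3 port 80 tcp
rdr fxp0 1.2.3.71/32 port 21 -> 10.3.0.3 port 21 tcp
rdr fxp0 1.2.3.71/32 port 110 -> 10.3.0.3 port 110 tcp
rdr fxp0 1.2.3.71/32 port 25 -> 10.3.0.3 port 25 tcp
rdr fxp0 1.2.3.71/32 port 443 -> 10.3.0.3 port 443 tcp
rdr fxp0 1.2.3.71/32 port 7070 -> 10.3.0.3 port 7070 tcp
rdr fxp0 1.2.3.72/32 port 5631 -> 10.3.0.4 port 5631 udp
map fxp0 10.3.0.2/32 -> 1.2.3.70/32
map fxp0 10.3.0.3/32 -> 1.2.3.71/32
map fxp0 10.3.0.4/32 -> 1.2.3.73/32
"""


def parse_rules(text):
    """Split a rule file into rdr and map rule dicts; reject unknown shapes."""
    rdr, maps = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = RDR_RE.match(line)
        if m:
            d = m.groupdict()
            d['eport'] = int(d['eport'])
            d['iport'] = int(d['iport'])
            rdr.append(d)
            continue
        m = MAP_RE.match(line)
        if m:
            maps.append(m.groupdict())
            continue
        raise ValueError(f'line {lineno}: unsupported rule: {line!r}')
    return rdr, maps


def exposed_ports(rdr):
    """For each internal host, the sorted (proto, port) pairs reachable from outside."""
    exposed = defaultdict(set)
    for r in rdr:
        exposed[r['int']].add((r['proto'], r['iport']))
    return {host: sorted(ports) for host, ports in exposed.items()}


def check_symmetry(rdr, maps):
    """Return findings where inbound (rdr) and outbound (map) assignments disagree."""
    findings = []
    inbound = defaultdict(set)          # external alias -> internal hosts
    for r in rdr:
        inbound[r['ext']].add(r['int'])
    for ext, hosts in sorted(inbound.items()):
        if len(hosts) > 1:
            findings.append(f'{ext}: redirected to several internal hosts {sorted(hosts)}')
    outbound = {}                       # internal host -> external alias
    for m in maps:
        if m['int'] in outbound and outbound[m['int']] != m['ext']:
            findings.append(f"{m['int']}: conflicting map rules")
        outbound[m['int']] = m['ext']
    for ext, hosts in sorted(inbound.items()):
        for host in sorted(hosts):
            src = outbound.get(host)
            if src is None:
                findings.append(f'{host}: reachable as {ext} but has no map rule for outbound traffic')
            elif src != ext:
                findings.append(f'{host}: inbound via {ext} but outbound mapped to {src}')
    return findings


if __name__ == '__main__':
    rdr_rules, map_rules = parse_rules(SAMPLE_RULES)
    for host, ports in sorted(exposed_ports(rdr_rules).items()):
        print(host, ports)
    for finding in check_symmetry(rdr_rules, map_rules):
        print('finding:', finding)
```

The exposure summary is the part worth keeping if the per-port rules are later replaced by whole-range redirects: it makes the intended listen set explicit, so the accompanying filter rules can be checked against it rather than against a single catch-all rdr.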