Static NAT with natd and ipfw

Brett Glass brett at lariat.org
Thu Oct 23 18:01:11 PDT 2003


A client wants to "expose" a host on a LAN behind a NAT firewall to the 
Internet at large. The host is behind a FreeBSD machine that's 
functioning as (among other things) a NAT router. The host already has an 
unregistered internal address (which it needs to keep), but also must 
allow others to connect to it from the outside world via a "real" IP 
address that's distinct from that of the router. In other words, from the 
point of view of the Internet, I want the host to look as if it's outside 
the firewall at a separate address from the firewall itself.

The natd man page mentions a -redirect_address command line option which 
looks as if it would do PART of the job. But what other configuration do 
I have to do (e.g. changes to rc.firewall, rc.conf, etc.) to make this 
work? I'm sure I could tinker and figure all of this out, but this week 
is quite busy and I need to get things set up in a hurry. (Also, it's a 
production system and I don't want to cause unnecessary downtime while I 
experiment.) Advice, and sample lines from configuration files, would be 
much appreciated.

--Brett Glass


