it's said ipfilter can not do this kind of work. that's wrong.
here is an example. let's say A.B.C.D1 is the LAN address and E.F.G.H
is WAN address and A.B.C.D2 is the address of the internal web server
which is published to the outside world.
rdr WAN 0/32 port 80 -> A.B.C.D2 port 80 tcp
rdr LAN E.F.G.H/32 port 80 -> A.B.C.D2 port 80 tcp
map LAN from A.B.C.D/24 to A.B.C.D2/32 port = 80 -> E.F.G.H/32 portmap tcp auto
now http://E.F.G.H is accessible to the LAN users.
quite simple, isn't it. but 2 problems arise.
first, performance. m0n0 might be overloaded, because those packets
need to be rewritten twice.
second, WAN ip address. WAN ip address must be hard coded into the
last two rules. when the WAN ip address is statically allocated, it's
not a problem. however, for those who using dhcp/pptp/pppoe, their WAN
ip address will change. that change must be tracked and ipnat rules
must be modified upon that change. thus a script should be put into
the mini-crontab to monitor the change, or somebody knows a better
sorry for my poor english