netstat -an says not listening port 80

[jay57]

Hi all,

I really stumped at the moment trying to reconfigure a FreeBSD firewall. I've got everything working except nobody from the outside world can see the web server that's behind it, at least on port 80. The webserver is at 192.168.1.128 and the firewall should be listening for traffic on 12.191.53.4

I think at least part of this is correct because I've been able to ping 12.191.53.4, but netstat -an does not show that we're listening on port 80

The ipf.rules file is really simple up to this point:

# We should trust everything appearing on the internal NIC interface: fxp0
pass in quick on fxp0
pass out quick on fxp0

# loopback can run wild
pass in quick on lo0
pass out quick on lo0

# allow web connections for store web server
pass in quick on xl0 proto tcp from any to 12.191.53.4/32 port = 80 flags S keep state
pass out quick on Xl0 proto tcp from 12.191.53.4/32 to any port = 80 flags S keep state

The ipnat.rules file has:
rdr xl0 12.191.53.4/32 port 80 -> 192.168.1.128 port 80

in it. I know the interface is configured correctly as ifconfig xl0 shows that it has an alias for 12.191.53.4

Any clues as to what I've got wrong? I just haven't had to do this for some 6 years.
--
Jay