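IPFW redirect_port not working
Date: 2010-08-25
Source: Internet
I installed FreeBSD 8.1 i386.
When doing NAT, redirect_port to a host on the internal network simply does not take effect. I checked the logs and no errors are shown. I don't know where the problem is.
My IPFW rules: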
fwcmd="/sbin/ipfw"
int_if="bge0"
ext_if="bge1"
local_net="10.1.0.0/21"
${fwcmd} -f flush
${fwcmd} -f pipe flush
${fwcmd} -f queue flush
# localhost
${fwcmd} add 00500 allow all from any to any via lo0
# permit SSH to me from Localnet
${fwcmd} add 00600 allow tcp from ${local_net} to me ssh via ${int_if} keep-state
# permit NTP to me from any
${fwcmd} add 00700 allow udp from any to me ntp keep-state
# DENY
${fwcmd} add 01000 deny log tcp from any to me ssh via ${ext_if}
# SQUID
${fwcmd} add 02000 fwd 127.0.0.1,3128 tcp from any to any www in
# MAPPING
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 3389
${fwcmd} add 02100 nat 10 log tcp from any to me 3389 via ${ext_if}
# NAT
${fwcmd} nat 100 config if ${ext_if}
${fwcmd} add 02800 nat 100 ip from any to any via ${ext_if}
${fwcmd} add 02900 check-state
# SYSTEM DEFAULT
65535 allow ip from any to any
There is only one entry in ipfw.log:
Aug 25 12:43:22 gateway kernel: ipfw: 2100 Nat TCP 11.22.33.44:2945 11.22.33.45:3389 in via bge1
Kernel build options:
......
options LIBALIAS
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=50
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL_FORWARD
options IPFIREWALL_NAT
options IPDIVERT
options DUMMYNET
options HZ=1000
......
The hosts on my internal network also have their default gateway pointed at this NAT server.
What exactly am I doing wrong?
Author: deanetg Posted: 2010-08-25
Solved it myself; the rule was written incorrectly:
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 3389
This rule should include the external address, for example:
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 11.22.33.44:3389
Author: deanetg Posted: 2010-08-25
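A lint for the rule form discussed in this thread, added here as an example and not part of the original posts: it flags a redirect_port mapping whose alias side is a bare port (the form the poster replaced) and, going beyond the thread, one with no remote address, which ipfw(8) allows as an optional third field to limit which sources may use the mapping. The function name, finding labels and the 198.51.100.7 address are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Grammar per ipfw(8):
#   redirect_port proto targetIP:targetPORT [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
# Prints "<target> <findings>" for each redirect_port mapping found in one rule line.
lint_redirect_port() {
    set -f; set -- $1; set +f      # word-split the rule text without globbing
    found=0
    while [ $# -gt 0 ]; do
        if [ "$1" != "redirect_port" ]; then shift; continue; fi
        if [ $# -lt 4 ]; then echo "incomplete"; return 1; fi
        target=$3; alias_spec=$4; remote=${5:-}
        shift 4
        findings=""
        case $alias_spec in
            *:*) ;;                               # explicit aliasIP:aliasPORT
            *)   findings="bare-alias-port" ;;    # the form the poster replaced
        esac
        case $remote in
            [0-9]*) shift ;;                      # remoteIP present: source is restricted
            *) findings="${findings:+$findings }any-remote" ;;
        esac
        echo "$target ${findings:-ok}"
        found=1
    done
    [ "$found" -eq 1 ]                            # non-zero if no mapping was seen
}

# Constructed input: the thread's two rules, plus one with a remote address
# (198.51.100.7 is a documentation address chosen for this example).
while read -r line; do
    lint_redirect_port "$line"
done <<'EOF'
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 3389
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 11.22.33.44:3389
${fwcmd} nat 10 config if ${ext_if} log redirect_port tcp 10.1.0.13:3389 11.22.33.44:3389 198.51.100.7
EOF
```

Both of the thread's rules report any-remote, since neither limits which source addresses can reach the forwarded port 3389.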