Count me in on SNAT/DNAT. It has been used for a long time and I for one
think it's very descriptive and logical.

-lsf

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: 1. november 2005 15:13
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] how do I "not rdr" with pfsense

On 11/1/05, Etienne Ledoux <[EMAIL PROTECTED]> wrote:
> perhaps I should give more info about this:
>
>  I have an internal LAN, DMZ and a WAN. My proxy is in the DMZ. I redirect
> all http traffic from the LAN to the proxy in the DMZ. The rule looks like
> this:
>
>  rdr on vr0 inet proto tcp from any to any port = http -> 10.6.0.10 port 8080
>
>  I would like to eventually have a rule that reads something like:
>
>  no rdr on vr0 inet proto tcp from any to 10.2.0.0/16 port = http
>
>  above it.
>  The "no nat" feature available on outbound nat currently doesn't even allow
> me to select my internal interface. So I'm not sure if this rule will work
> because it's probably going to be caught by the rdr rule above anyways.
>
>  Unless I'm not supposed to be using rdr for this in the first place, which
> doesn't make sense to me, how should I then be doing this?

That's because you want Port Forward, not Outbound NAT (unless of
course Port Forward doesn't accept a 'not' option) :)

Suggestions for better wording accepted.  I like DNAT and SNAT
(destination/source NAT respectively), but I'm not sure that people
would grok that either :)

--Bill
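
Added example, not part of the original thread: a simplified Python model of how pf evaluates translation rules (the first matching rule wins, and a matching `no rdr` leaves the packet untranslated), applied to the two rules quoted above. The class and function names and the sample destination addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TransRule:
    """One 'rdr' / 'no rdr' line, reduced to the fields the quoted rules use."""
    iface: str
    dst_net: str                        # "any" or a CIDR such as "10.2.0.0/16"
    dst_port: int
    target: Optional[Tuple[str, int]]   # None models a 'no rdr' rule

    def matches(self, iface: str, dst_ip: str, dst_port: int) -> bool:
        if iface != self.iface or dst_port != self.dst_port:
            return False
        if self.dst_net == "any":
            return True
        return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)


def translate(rules: List[TransRule], iface: str, dst_ip: str, dst_port: int):
    """Return the (ip, port) a TCP packet is delivered to after rdr evaluation."""
    for rule in rules:
        if rule.matches(iface, dst_ip, dst_port):
            # First match decides; 'no rdr' keeps the original destination.
            return rule.target if rule.target else (dst_ip, dst_port)
    return (dst_ip, dst_port)


# The two rules from the thread (port "http" written as 80).
RDR = TransRule("vr0", "any", 80, ("10.6.0.10", 8080))
NO_RDR = TransRule("vr0", "10.2.0.0/16", 80, None)

EXEMPT_FIRST = [NO_RDR, RDR]   # 'no rdr' placed above the rdr rule
EXEMPT_LAST = [RDR, NO_RDR]    # 'no rdr' placed below: never reached for port 80

if __name__ == "__main__":
    # Constructed sample destinations: one inside 10.2.0.0/16, one outside.
    for label, rules in (("no rdr first", EXEMPT_FIRST), ("no rdr last", EXEMPT_LAST)):
        for dst in ("10.2.3.4", "203.0.113.7"):
            print(label, dst, "->", translate(rules, "vr0", dst, 80))
```

With the exemption listed first, HTTP to 10.2.0.0/16 keeps its destination while all other HTTP entering vr0 goes to the proxy; with the order reversed, the broad rdr rule matches first and the exemption has no effect.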
