> For redirect rules to work, the clients that want to connect to the
> server need to be out network interface A and the destination server
> needs to be either on the computer with ipfilter or out a different
> network interface, B.
>
> The "rdr" rules are written for interface A.
>
> So if a client on network A (192.168.1.1) wants to connect to a server
> on network B (10.1.1.1) and the ipfilter box has two NICs, 192.168.1.254
> and 10.1.1.254, and you wanted to proxy the connection from A to B using
> software on the ipfilter box, you would do:
>
> rdr A 10.1.1.1/32 port 80 -> 192.168.1.254 port 8080 tcp
>
> That is, change packets with a TCP destination of 10.1.1.1,80 to
> 192.168.1.254,8080
So if I have:

- a firewall out on the internet with two interfaces, 151.52.2.130 and 172.16.1.3
- my ISP gave me only one static IP (151.52.2.130)
- I have a web server on the DMZ, 172.16.3.1 (netmask 255.255.0.0)
- and I want to make it look like "firewall.company.net" is also a web server to the outside world, but in reality I RDR packets for port 80 to the 172.16.1.3 box

I would do, based on the example above:

rdr 172.16.3.1 port 80 -> 151.52.2.130 port 80 tcp

? The syntax is backward?
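As an added illustration (not part of either message in this thread), a small Python model of the matching semantics the quoted reply describes: an rdr rule is keyed on the interface the client's packet arrives on, the destination address/port the client connected to, and the protocol; on a match only the destination is rewritten, and packets on another interface or another port pass through untouched. The rule string is the one quoted above; the packet tuples are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class RdrRule:
    iface: str                        # interface the rule is written for ("A" above)
    dst_net: ipaddress.IPv4Network    # destination the client is trying to reach
    dst_port: int
    new_addr: ipaddress.IPv4Address   # where the packet is sent instead
    new_port: int
    proto: str


def parse_rdr(line: str) -> RdrRule:
    """Parse 'rdr <iface> <addr>/<mask> port <p> -> <addr> port <p> <proto>'.

    Only the single-port form used in the quoted example is handled.
    """
    tok = line.split()
    if (len(tok) != 10 or tok[0] != "rdr" or tok[3] != "port"
            or tok[5] != "->" or tok[7] != "port"):
        raise ValueError(f"unrecognised rdr rule: {line!r}")
    return RdrRule(
        iface=tok[1],
        dst_net=ipaddress.ip_network(tok[2], strict=False),
        dst_port=int(tok[4]),
        new_addr=ipaddress.ip_address(tok[6]),
        new_port=int(tok[8]),
        proto=tok[9],
    )


def apply_rdr(rules, iface, dst, dport, proto):
    """Return (dst, port) after the first matching rdr rule; unchanged if none match."""
    dst_ip = ipaddress.ip_address(dst)
    for r in rules:
        if (r.iface == iface and r.proto == proto
                and dst_ip in r.dst_net and r.dst_port == dport):
            return (str(r.new_addr), r.new_port)
    return (dst, dport)


# The rule from the quoted reply.
RULES = [parse_rdr("rdr A 10.1.1.1/32 port 80 -> 192.168.1.254 port 8080 tcp")]

if __name__ == "__main__":
    # Constructed packet: client on A connecting to 10.1.1.1:80 -> proxied to the ipfilter box.
    print(apply_rdr(RULES, "A", "10.1.1.1", 80, "tcp"))   # ('192.168.1.254', 8080)
    # Same destination arriving on interface B: the rule is for A only, so no rewrite.
    print(apply_rdr(RULES, "B", "10.1.1.1", 80, "tcp"))   # ('10.1.1.1', 80)
```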
