* jirib <ji...@devio.us> [2011-03-19 00:38]:
> On Fri, 25 Feb 2011 10:21:20 +0100
> Henning Brauer <lists-open...@bsws.de> wrote:
>
> > * william dunand <william.dun...@gmail.com> [2011-02-25 05:26]:
> > > > pass out log(matches) quick inet proto tcp from any to
> > > > 89.176.141.250 port = www rdr-to 127.0.0.1 port 8080
> > > I think rdr-to is meant to be used on inbound rules.
> >
> > we allow rdr-to outbound too now. it has caveats, and - surprise! -
> > they are described in the manpage.
> > this example hits a caveat.
> >
>
> Hi,
>
> it was working for me - rdr-to outbound to a daemon on the firewall
> itself, but I deleted that virtual machine...
>
> rdr-to is usually applied inbound. If applied outbound,
> rdr-to to a local IP address is not supported.
>
> I would put my hand in fire -- it was working :) I read the manpage
> but I don't get it, how could it work then?

pretty certain it could not have worked. the rdr-to in this case is
too late and the local/remote decision already taken.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting