I am trying to achieve something I thought would be simple, but haven't had any luck.

I have an OpenBSD 5.0 router/firewall with public IP X.X.X.A. Behind it are a mix of OpenBSD and Linux systems, all with public IPs. NO NAT.

I run ssh on an alternate port, XXX22. However, from a certain location I am dealing with a firewall that will not allow outbound connections on XXX22, only on 22.

I have already set up a rule like this, and it works:

    pass in on egress proto tcp from $location1 to any port ssh rdr-to X.X.X.A port XXX22

But I was wondering if I could achieve something that would work for ALL the addresses behind the router as well, without creating individual rules for each address. Something like this:

    pass in on egress proto tcp from $location1 to any port ssh rdr-to (original destination IP) port XXX22