On 2012-07-09, Fil DiNoto <fdin...@gmail.com> wrote:
> I am trying to achieve something I thought would be simple, but
> haven't had any luck.
>
> I have an OpenBSD 5.0 router/firewall with public IP X.X.X.A
>
> Behind it are a mix of OpenBSD and Linux systems, all with public IP. NO NAT.
>
> I run ssh on an alternate port, XXX22. However, from a certain
> location I am dealing with a firewall that will not allow outbound
> connections on XXX22 only on 22
>
> I have already set up a rule like this, and it works:
>
> pass in on egress proto tcp from $location1 to any port ssh rdr-to
> X.X.X.A port XXX22
>
> But I was wondering if I could achieve something that would work for
> ALL the addresses behind the router as well without creating
> individual rules for each address. Something like this:
>
> pass in on egress proto tcp from $location1 to any port ssh rdr-to
> (original destination IP) port XXX22

nope. easiest option for this is probably a userland proxy. not sure but I reckon relayd can probably do it.
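
A sketch of the userland-proxy approach suggested above, as an added example that is not from the thread or from relayd: a small TCP proxy that reads the original destination with getsockname() and reconnects to that same address on the alternate port. It assumes a pf rule such as `pass in on egress proto tcp from $location1 to any port ssh divert-to 127.0.0.1 port 8022`; the listen port 8022, the `ALT_PORT` value and all function names are hypothetical.

```python
import socket
import threading

ALT_PORT = 2222  # assumption: stand-in for the elided XXX22 on the page

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while data := src.recv(65536):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, alt_port):
    # Under pf divert-to the packet is not rewritten, so getsockname()
    # on the accepted socket is the address the client originally dialled.
    orig_ip = client.getsockname()[0]
    try:
        upstream = socket.create_connection((orig_ip, alt_port), timeout=10)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def serve(listen_addr, alt_port=ALT_PORT):
    """Start accepting in a background thread; return the listening socket."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    lsock.bind(listen_addr)
    lsock.listen(16)
    def loop():
        while True:
            try:
                conn, _ = lsock.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn, alt_port), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return lsock

if __name__ == "__main__":
    serve(("127.0.0.1", 8022))  # hypothetical divert-to target port
    threading.Event().wait()
```

Binding the listener to loopback leaves the pf rule as the only path to the proxy, so the `from $location1` restriction still decides who can reach it. The internal hosts see these connections arriving from the router's address rather than from the client.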