Hi, my setup is actually more complicated, but for purpose of this mail I am going to try and keep it simple.
My firewall redirects requests to some service from the Internet to server on private network: pass in on $ext_if inet proto tcp from any to $srv-pub port $service rdr-to $srv-priv Internet hosts can access service without problem via its public IP address. Clients on internal network can access service without problem via its private IP address. Now, I have some clients on internal network who are forbidden communication with private address space, so they need to access service via its public IP address. Unfortunately this does not work. Hopefully someone already had this problem and will be able to point me in the right direction. Regards, -- Marko Cupać https://www.mimar.rs/