On 2021-12-10, Łukasz Moskała <l...@lukaszmoskala.pl> wrote:
> On 10 December 2021 09:49:08 CET, Claus Assmann <ca+openbsd_m...@esmtp.org>
> wrote:
>>I am trying to run an SMTP server on a dynamic IP address
>>(and maybe other services later on, e.g., DNS or HTTP)
>>
>>For this, I would like to redirect traffic via a host (STATIC) which
>>has a static IP address to/from the host (DYNAMIC) with the dynamic IP
>>address.
> I'd run full tunnel VPN on STATIC, and connect to it from DYNAMIC. Then,
> entire traffic from DYNAMIC goes via STATIC, and you can DNAT any port you
> want.

Me too.

For this case I would place the tunnel interface in an alternative
rdomain, add a default route in that rdomain to the tunnel endpoint
(route -T2 add default XX), and run the MTA in the route table matching
that rdomain (rcctl set $daemon rtable 2). I have been happy with wg(4)
for this use case.

If the MTA needs to be reachable from other machines on the local network
then PF rules with "rtable" can be used to feed traffic there. The problem
is local same-machine traffic (which you may or may not need), pf rtable
works on inbound packets only as it must be used before the rtable lookup
takes place. It may be possible to work around this with pair(4) if needed.
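
The steps from the reply above, collected into one script as an added example that is not part of the original thread. The interface name wg0, the tunnel addresses 10.0.0.1 and 10.0.0.2, smtpd as the MTA and em0 as the LAN interface are assumptions, as is a wg0 that already has its key and peer configured.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: wg0, rdomain 2,
# tunnel addresses 10.0.0.1 (STATIC) and 10.0.0.2 (DYNAMIC), smtpd, em0.
# Assumes wg0 already exists with its key and peer configured.
# Prints the plan by default; run as root with DRYRUN=0 on DYNAMIC to apply.
: "${DRYRUN:=1}"
WG_IF=wg0 RDOMAIN=2 WG_LOCAL=10.0.0.2 WG_PEER=10.0.0.1 MTA=smtpd LAN_IF=em0

run() {
    if [ "$DRYRUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

setup_mta_rdomain() {
    # Put the tunnel interface in the alternative rdomain, then address it.
    run ifconfig "$WG_IF" rdomain "$RDOMAIN"
    run ifconfig "$WG_IF" inet "$WG_LOCAL" netmask 255.255.255.0
    # Default route in that rdomain points at the tunnel endpoint on STATIC.
    run route -T"$RDOMAIN" add default "$WG_PEER"
    # Start the MTA in the matching routing table.
    run rcctl set "$MTA" rtable "$RDOMAIN"
    run rcctl restart "$MTA"
    # Check: list the IPv4 routes present in that table.
    run route -T"$RDOMAIN" -n show -inet
}

# pf.conf line for the optional LAN case described in the post.
pf_rule() {
    printf 'pass in on %s inet proto tcp to port 25 rtable %s\n' "$LAN_IF" "$RDOMAIN"
}

setup_mta_rdomain
echo "# pf.conf: $(pf_rule)"
```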