Hi,

I have a situation where a host on a public IPv4 address is accessible over
two upstream routers that advertise the host's subnet over BGP:

         A.B.C.1 [BGP1] G.H.I.1
        /                       \
INTERNET                         G.H.I.3 [DMZHOST]
        \                       /
         D.E.F.2 [BGP2] G.H.I.2

Is there a way to set up pf on the BGP hosts so that services on the DMZ host
are additionally accessible from the Internet over their external IP addresses?

This is simple if the host is on a private LAN and the upstream routers do NAT:

pass in on $ext_if proto { tcp udp } to $ext_if port $portrange \
  rdr-to $dmzhost

But is it possible to do it if there's no NAT involved and everything
is in public IPv4 address space?

PS. I know how to do it with reverse proxies such as relayd, but I would
like to have it in pf only. Also UDP.

Thank you in advance.
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
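As an added example that is not part of the original post and not a confirmed answer to it: one way to publish the DMZ host's services on each router's own public address when no private LAN is involved is to combine the rdr-to rule from the post with a nat-to on the same rule, so that the DMZ host's replies come back through the router that translated the request. The fragment below is written for BGP1; the interface names and the port list are assumptions, the addresses follow the diagram above, and it assumes pf accepts rdr-to and nat-to on one rule as pf.conf(5) describes.

```pf
# Added example for BGP1 (not from the post); BGP2 mirrors it with
# D.E.F.2 and G.H.I.2. Interface names and the port list are assumed
# for illustration; the addresses follow the diagram in the post.

ext_if   = "em0"          # holds A.B.C.1, faces the Internet
dmz_if   = "em1"          # holds G.H.I.1, faces the DMZ subnet
dmzhost  = "G.H.I.3"
services = "{ 80, 443 }"  # published ports; keep as narrow as the host's own filter

# Destination is rewritten to the DMZ host (rdr-to) and the source to this
# router's DMZ-side address (nat-to) in one rule. The nat-to keeps the
# return path symmetric: the host answers G.H.I.1, this router holds the
# state and restores A.B.C.1 as the source towards the client. With rdr-to
# alone the host would answer the client directly via its own default
# route; if that route points at BGP2, the reply leaves as G.H.I.3, matches
# no state there and the client discards it. UDP is handled by the same
# state entry, so the rule covers both protocols the post asks about.
pass in log on $ext_if proto { tcp udp } to $ext_if port $services \
    rdr-to $dmzhost nat-to ($dmz_if)
```

The trade-off is visibility: with nat-to the DMZ host sees G.H.I.1 (or G.H.I.2) as the peer for every connection that arrived via a router address, so its own logs no longer carry the real client. The `log` keyword on the rule keeps the pre-translation client address in pflog on the router, which is where an incident responder would then have to look. The services also stay reachable directly on G.H.I.3, so the router-side port list should not be wider than the filter on the host itself.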