I got my pf set up.

All works fine, except the rdr rules: pf simply won't redirect anything to
internal servers.

I changed /etc/sysctl.conf:

net.inet.ip.forwarding=1
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.ip.multipath=1

My scenario is:

fw1 -> rl0 - carp / pfsync devs
      -> rl1 - no IP address, bound to carp1 (with the external IP)
      -> rl2 - internal LAN IP, bound to carp0 (with the LAN gateway IP)
and fw2 is set up the same way.

NAT works fine, but rdr doesn't.

pf.conf:

ext_if="rl1"
ext_carp_if="carp1"
int_if="rl2"
int_carp_if="carp0"
pf_if="rl0"

nat on $ext_if from <lan_hosts> to any -> ($ext_carp_if)

rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 22 -> 192.168.0.200 port 22
rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 80 -> 192.168.0.200 port 80

pass out all
pass in all

What am I doing wrong?

Thanks!
