I tried this you told me, and that does not work, I get a syntax error. My pf.conf:

# suppose 10.0.0.254 is the external address..
ext_if="sis0"
ext_carp_if="carp1"
int_if="rl0"
int_carp_if="carp0"

# translation rules come before filter rules
nat on carp1 from 192.168.1.0/24 to any -> 10.0.0.254
# redirect inbound HTTP on the external interface to the internal web server
# (a space was missing between the address and "port")
rdr on sis0 inet proto tcp from any to 10.0.0.254 port 80 -> 192.168.1.69 port 80

pass all

On 5/14/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> On Mon, May 14, 2007 at 06:12:12PM +0200, Alberich de megres wrote:
> > On 5/14/07, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> > > On Mon, May 14, 2007 at 12:41:18PM +0200, Alberich de megres wrote:
> > > > Hi again,
> > > >
> > > > And sorry to insist on this.... I'm really lost.
> > > >
> > > > I read in most web docs that with an rdr rule traffic gets redirected to
> > > > internal servers, and that this plus a pass rule is enough. But I
> > > > find myself in a different scenario: with an rdr rule and a pass rule,
> > > > packets get redirected to the internal server with the same external
> > > > IP.
> > > >
> > > > With a tcpdump on the internal server, packets arrive at the internal
> > > > server but this one doesn't answer them.
> > > >
> > > > If I add a nat rule from any to the internal server, the server logs
> > > > show me access only from the firewall IP address (logically). Is
> > > > there some way to redirect external traffic to the internal server and
> > > > have the internal server see the external address (for log control,
> > > > and access control without a firewall rule... only on the server machine) and
> > > > have it all work fine?
> > >
> > > I don't really see what you mean: is there a server with public address
> > > 1.2.3.4 behind a firewall with public address 1.2.3.1, and rules like
> > >
> > > rdr pass on $ext_if to $server $port1 -> $port2
> > > pass on $ext_if to $server port $port3
> > >
> > > In that case, that should just work.
> >
> > No,
> >
> > There's a firewall with a public address, and a server with an internal address.
> >
> > firewall: 1.2.3.4
> > server: 192.168.1.1
>
> In that case,
>
> server = "192.168.1.1"
>
> rdr pass on $ext_if to $ext_if $port1 -> $server
> rdr pass on $ext_if to $ext_if $port2 -> $server $port3
>
> should work just fine. What is your /etc/pf.conf? And what doesn't work?
>
> (The underlying idea is that 'rdr pass' is very useful for simple cases,
> and one should be careful with NAT.)
>
> Joachim
>
> --
> TFMotD: vclean (9) - disassociate the underlying file system from a
> vnode
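The 'rdr pass' layout Joachim describes, written out for the interfaces and addresses from Alberich's pf.conf, as an added example that is not part of the thread. The interface names, 192.168.1.69 as the web server and 10.0.0.254 as the shared carp1 address come from his posting; placing nat on the physical interface (where packets actually leave) rather than on carp1 is my assumption about the intended setup.

```pf
# Added example, not from the thread. Macros taken from Alberich's pf.conf.
ext_if      = "sis0"
ext_carp_if = "carp1"
int_if      = "rl0"
lan_net     = "192.168.1.0/24"
web_server  = "192.168.1.69"   # assumed: the internal HTTP server

# Translation rules come before filter rules.
# Outbound NAT for the LAN: match on the physical interface the packets
# leave on, translate to the shared CARP address (expanded at runtime).
nat on $ext_if from $lan_net to any -> ($ext_carp_if)

# rdr pass redirects *and* passes in one rule, so no separate pass rule
# is needed. No inbound NAT is applied, so the web server still sees
# the real client source address in its own logs.
rdr pass on $ext_if inet proto tcp from any to ($ext_carp_if) port 80 \
    -> $web_server port 80

# Leave the rest open while testing the redirect; tighten afterwards.
pass all
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading. The web server's default route must point at the firewall's $int_if address, otherwise its replies to the redirected connections never return through the translation state.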