Greetings

I've got a cable modem that forwards ports 80, 110 and 25 to an internal host (192.168.1.121). Email (POP and SMTP) is hosted on 192.168.1.121, but recent changes have forced me to move the webserver to another machine (192.168.1.126), which means I have to somehow forward port 80 traffic from 192.168.1.121 to 192.168.1.126, because the crappy cable modem doesn't let me forward different ports to different machines. No problem, I think:

- Both 192.168.1.121 and 192.168.1.126 have 192.168.1.120 (the cable modem) defined as their gateway

I've used the following config on 192.168.1.121 /etc/pf.conf:

# ---------------------------------------------------------------------------------------------
ext_if="rl1"

rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000

# Allow all outgoing traffic
pass out on $ext_if inet all keep state

# Allow all incoming traffic
pass in on $ext_if inet all keep state

# ---------------------------------------------------------------------------------------------

And I've added the following in /etc/inetd.conf on 192.168.1.121:

127.0.0.1:5000 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.1.126 80

To create a port 80 proxy to handle web traffic to and from the 192.168.1.126 webserver.

And this works. The webserver on 192.168.1.126 serves web traffic to the Internet. Now my only problem is, web traffic arrives on 192.168.1.126 as having originated from 192.168.1.121, and I need it to arrive on 192.168.1.126 as if it has originated from the outside address (Internet), i.e. preserve the outside source IP address for correct web logging purposes. As it is, web traffic that arrives on 192.168.1.126 is logged with 192.168.1.121 as the source IP address.

Is there any PF rule or NC configuration to preserve the outside source IP address as traffic is forwarded from 192.168.1.121 to 192.168.1.126?

I'm running OpenBSD 3.9 (i386) on both machines.

I apologise if this is some "noob" question with an obvious answer.
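
The logging symptom described above, reproduced on loopback as an added example (not part of the original post): a userspace relay such as inetd + nc ends the client's TCP connection and opens a new one, so the backend records the relay's socket address. The function names are hypothetical, and because every socket here is 127.0.0.1 the comparison uses (address, port) pairs rather than IP addresses alone.

```python
import socket
import threading

def start_backend():
    # Stand-in for the web server on 192.168.1.126: logs each peer address.
    srv = socket.create_server(("127.0.0.1", 0))
    seen = []
    def loop():
        while True:
            conn, peer = srv.accept()
            seen.append(peer)          # what the access log would record
            conn.sendall(b"ok")
            conn.close()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname(), seen

def start_relay(backend_addr):
    # Stand-in for inetd + nc on 192.168.1.121: accept the client, then
    # open a NEW TCP connection to the backend and copy the reply back.
    srv = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _client = srv.accept()
            with conn, socket.create_connection(backend_addr) as out:
                conn.sendall(out.makefile("rb").read())
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

def connect_and_compare(target, seen):
    # Returns (client's own socket address, address the backend logged).
    with socket.create_connection(target) as c:
        c.makefile("rb").read()        # wait until the backend has replied
        return c.getsockname(), seen[-1]

def demo():
    backend_addr, seen = start_backend()
    relay_addr = start_relay(backend_addr)
    direct = connect_and_compare(backend_addr, seen)
    relayed = connect_and_compare(relay_addr, seen)
    return direct, relayed

if __name__ == "__main__":
    direct, relayed = demo()
    print("direct : client %s, backend logged %s" % direct)
    print("relayed: client %s, backend logged %s" % relayed)
```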
