On 2008-02-23, Stefan Kell <[EMAIL PROTECTED]> wrote:
> Hello,
>
> On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:
>
>> Greetings
>>
>> ...snip...
>> rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000
>>
>> ...snip
>>
>> I'm running OpenBSD 3.9 (i386) on both machines.
>>
>
> why not rdr directly to your internal webserver instead of 127.0.0.1? OpenBSD
> 3.9 is quite old but rdr should work quite well. I use this since OpenBSD 3.4

Because the return packets will go straight to the cable modem and   
won't get "un-rdr'ed" (i.e. have the original addresses put back on  
them).

You could do this if a) .126 is configured to use .121 as gateway rather
than using the cable modem as gateway, and b) there aren't any ICMP redirects
affecting things (either they aren't generated, or any which are generated
are ignored). It's a bit of a messy setup though, be sure to document it...

Other possibilities are to put the webserver on a different subnet and
either double-NAT, or add a static route to this on the cable modem.

Or one could use a proxy which can write the original address into an
HTTP header, and have the webserver log that rather than the packet's
source address.

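The asymmetric-return problem described in the reply above, modelled as an added example that is not part of the original thread. It assumes an rdr from 192.168.1.121 port 80 straight to 192.168.1.126 port 80 (the suggestion in the quoted question), a constructed client address and source port, and it ignores the cable modem's own NAT.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

PF_BOX = "192.168.1.121"      # from the thread: host running pf
WEBSERVER = "192.168.1.126"   # from the thread: internal webserver
CLIENT = "203.0.113.7"        # constructed sample client (documentation range)

class PfBox:
    """Minimal model of one rdr rule and the state it creates."""
    def __init__(self):
        self.states = {}

    def rdr_in(self, pkt):
        # rdr: PF_BOX port 80 -> WEBSERVER port 80, remembering the original dst
        if (pkt.dst, pkt.dport) != (PF_BOX, 80):
            return pkt
        new = pkt._replace(dst=WEBSERVER, dport=80)
        self.states[(new.dst, new.dport, new.src, new.sport)] = (pkt.dst, pkt.dport)
        return new

    def un_rdr(self, reply):
        # A reply matching a state gets the original address put back as its source
        orig = self.states.get((reply.src, reply.sport, reply.dst, reply.dport))
        return reply._replace(src=orig[0], sport=orig[1]) if orig else reply

def client_accepts(syn, reply):
    # The client only matches a reply coming from the address/port the SYN went to
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (syn.dst, syn.dport, syn.src, syn.sport)

def simulate(webserver_gateway):
    pf = PfBox()
    syn = Pkt(CLIENT, 40000, PF_BOX, 80)          # constructed source port
    at_server = pf.rdr_in(syn)
    reply = Pkt(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if webserver_gateway == PF_BOX:               # option (a): reply goes back via pf
        reply = pf.un_rdr(reply)
    return reply, client_accepts(syn, reply)

if __name__ == "__main__":
    for gw in ("cable-modem", PF_BOX):
        reply, ok = simulate(gw)
        print(f"gateway={gw:<14} reply src={reply.src}:{reply.sport} accepted={ok}")
```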