Hello,

On Sat, 23 Feb 2008, Stuart Henderson wrote:

On 2008-02-23, Stefan Kell <[EMAIL PROTECTED]> wrote:
Hello,

On Sat, 23 Feb 2008, elaconta.com Webmaster wrote:

Greetings

...snip...
rdr on $ext_if proto tcp from any to 192.168.1.121 port 80 -> 127.0.0.1 port 5000

...snip

I'm running OpenBSD 3.9 (i386) on both machines.


Why not rdr directly to your internal webserver instead of 127.0.0.1? OpenBSD
3.9 is quite old but rdr should work quite well. I have used this since OpenBSD 3.4.

Because the return packets will go straight to the cable modem and
won't get "un-rdr'ed" (i.e. have the original addresses put back on
them).

You could do this if a) .126 is configured to use .121 as gateway rather
than using the cable modem as gateway, and b) there aren't any ICMP redirects
affecting things (either they aren't generated, or any which are generated
are ignored). It's a bit of a messy setup though, be sure to document it...

Other possibilities are to put the webserver on a different subnet and
either double-NAT, or add a static route to this on the cable modem.

Or one could use a proxy which can write the original address into an
HTTP header, and have the webserver log that rather than the packet's
source address.


You are right, of course, but I assumed that the OpenBSD machine is acting as a
router and has two interfaces so that no other machine is connected
directly to the cable modem. If this assumption is wrong, then it would
not work.

Regards

Stefan Kell
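
The proxy option mentioned in the thread (the proxy writes the original address into an HTTP header and the webserver logs that), as an added example that is not part of the original messages. It assumes the header is `X-Forwarded-For`, that the proxy runs on 192.168.1.121, and a hypothetical helper name; the header is only honoured when the connection really comes from the proxy, since any client can send the header itself.

```python
import ipaddress

# Assumption: the proxy runs on the OpenBSD box at .121 (address from the thread).
TRUSTED_PROXIES = {ipaddress.ip_address("192.168.1.121")}


def client_address_for_log(peer_ip, headers):
    """Return the address the webserver should write to its access log.

    peer_ip -- source address of the TCP connection as seen by the webserver
    headers -- dict of request headers (names matched case-insensitively)
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_PROXIES:
        # Direct connection: the header is client-supplied, so ignore it.
        return str(peer)

    lowered = {k.lower(): v for k, v in headers.items()}
    hops = [h.strip() for h in lowered.get("x-forwarded-for", "").split(",")]
    hops = [h for h in hops if h]

    # Walk right to left: the rightmost entry was appended by our own proxy,
    # anything further left may have been sent by the client.
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: fall back to the packet source
        if addr not in TRUSTED_PROXIES:
            return str(addr)
    return str(peer)  # header missing or only lists the proxy itself


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = [
        ("192.168.1.121", {"X-Forwarded-For": "203.0.113.7"}),
        ("192.168.1.121", {"X-Forwarded-For": "10.9.9.9, 203.0.113.7"}),
        ("198.51.100.9", {"X-Forwarded-For": "10.9.9.9"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", client_address_for_log(peer, hdrs))
```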
