Hi,
I am having some issues with PF and Binat.
Here is my scenario:
I have 5 static IPs assigned to me. I have front-ended my network
(external) with an OpenBSD machine running pf.
I would like 2 of these IPs to have ONE to ONE translation. I have 2
very different servers serving different purposes:
75.36.44.22 for web serving and 75.36.44.23 for mail.
For example:
75.36.44.22 -> 172.16.10.22
75.36.44.23 -> 172.16.10.23
I do this with the following binat statements:

## I have nat for anything that is not my servers
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
### here are my servers
binat on $ext_if from 172.16.10.22 to any -> 75.36.44.22
binat on $ext_if from 172.16.10.23 to any -> 75.36.44.23
pass in on $ext_if proto tcp from any to 75.36.44.22 port 80
pass in on $ext_if proto tcp from any to 75.36.44.23 port 25

Problem is when I try to access my servers from outside (different
external network), I cannot reach them at all.
Why can't I do this?
When I try to add the external ips as aliases on my external
interface, it works fine.
Isn't the BINAT statement sufficient? Do I have to use aliases?
I spun off a sniffer on the OpenBSD gateway to see if it was even
getting the request, and of course I don't even see the request come
through, as I am assuming my Netopia router doesn't know where the
external IPs are for that server (ARP).
When I go the aliases way, everything works fine.
Can someone shed some light on this?
Thanks
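
Added example, not part of the original post: pf translation rules do not make the host answer ARP for an address, so a binat target that is not configured on the external interface (the aliases mentioned above) is unreachable from the upstream router unless it is routed or proxy-ARPed to the firewall. The script below lists binat external addresses that are missing from the interface. The interface name em0, the firewall's own address 75.36.44.21, the MAC and netmask, and all function names are assumptions made up for the sample.

```sh
#!/bin/sh
# Check: which binat external addresses are NOT configured on the external
# interface, i.e. addresses this host will not answer ARP requests for.

# binat rules as posted above.
PF_RULES='binat on $ext_if from 172.16.10.22 to any -> 75.36.44.22
binat on $ext_if from 172.16.10.23 to any -> 75.36.44.23'

# Constructed sample of `ifconfig em0` output (no aliases configured yet).
IFCONFIG_OUT='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        inet 75.36.44.21 netmask 0xffffff00 broadcast 75.36.44.255'

# Print the address that follows "->" on every binat rule in $1.
binat_external() {
    printf '%s\n' "$1" | awk '
        $1 == "binat" {
            for (i = 1; i < NF; i++)
                if ($i == "->") print $(i + 1)
        }'
}

# Print every IPv4 address configured on the interface (ifconfig text in $1).
iface_addrs() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# $1 = pf rules, $2 = ifconfig output.
# Prints each binat external address that has no matching inet line.
missing_arp() {
    have=$(iface_addrs "$2")
    for ip in $(binat_external "$1"); do
        printf '%s\n' "$have" | grep -qxF "$ip" || echo "$ip"
    done
}

# On a live gateway (assumed paths/names):
#   missing_arp "$(cat /etc/pf.conf)" "$(ifconfig em0)"
missing_arp "$PF_RULES" "$IFCONFIG_OUT"
```

To confirm on the wire, `tcpdump -n -e -i em0 arp` on the gateway shows whether the upstream router's who-has requests for those addresses get a reply.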