I'm having difficulty redirecting some traffic on my home network, from a server with a single NIC.

Here's the situation: I have a wifi/gateway router which forwards all traffic from my external IP to a NetBSD server on my internal network. The server has a single NIC, but I have a second server, also on my internal network, that I'd like to offload some of the services onto. For specific reasons, I don't want to do it the 'proper' way and change the gateway router's rules; instead I want to redirect the packets via the NetBSD server and NPF.

I've added some map rules in my npf.conf, but they don't seem to work. Traffic tries to connect, but hangs waiting for return packets, and eventually times out. npfctl shows the NAT allocations occurring, but they later get destroyed. Changing the IP address of the destination server to localhost does in fact pass traffic, so I'm a bit confused why this other way isn't working. I know that with PF you cannot reflect packets out the same interface; is that what's preventing me from doing this with NPF also?

My npf.conf:

    # Wonderful basic config!
    $ext_if = "ale0"
    $localnet = { 192.168.0.0/24 }
    $irc_server = { 192.168.0.3 }
    $ext_ipaddr = { 192.168.0.2 }

    # My persistent block tables
    table <blacklist> type tree file "/etc/npf_blacklist"

    group "external" on $ext_if {
        block in final from <blacklist>
        pass all
    }

    group default {
        pass final on lo0 all
        block all
    }

    # Inbound redirection ("<-"): rewrite the destination of traffic arriving
    # on $ext_if for $ext_ipaddr:6667 to $irc_server:6667
    map $ext_if static $irc_server port 6667 <- $ext_ipaddr port 6667

Hopefully someone can shed some light on what I'm doing wrong - and hopefully there is a way to do this that doesn't require a second NIC.
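The symptom in the post (NAT state is created, no return packets ever match it, the session is destroyed) is what you get when the reply from the second server never passes back through the host that did the destination rewrite. The following is an added illustration, not NPF code and not the poster's configuration: a toy stateful NAT table and the three hops the post describes (Internet client, gateway router, NetBSD box, IRC server), with packets routed the way a flat 192.168.0.0/24 LAN with one default gateway routes them. The public addresses, the client and source ports, and the `hairpin_snat` branch (an assumed second rewrite of the source address to the NetBSD box so the reply is addressed to it) are constructed for the example; the 192.168.0.x addresses are the ones from the post.

```python
"""Toy model of the return path for a destination NAT done on a one-NIC host.

Added illustration for the question above; not NPF code and not the poster's
setup verbatim.  Public addresses and port numbers are constructed.
"""
from dataclasses import dataclass, replace
from typing import Optional, Tuple

CLIENT = "203.0.113.10"   # constructed: a client out on the Internet
EXT_IP = "198.51.100.7"   # constructed: the gateway router's public address
NETBSD = "192.168.0.2"    # $ext_ipaddr from the post (the NPF box)
IRC = "192.168.0.3"       # $irc_server from the post


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self) -> "Pkt":
        """What the receiving host sends back: addresses and ports swapped."""
        return Pkt(self.dst, self.dport, self.src, self.sport)


class Nat:
    """Minimal stateful NAT: rewrite a packet, remember how to undo it."""

    def __init__(self) -> None:
        self.sessions: dict = {}
        self.saw_reply = False   # did any return packet ever match our state?

    def translate(self, pkt: Pkt, **fields) -> Pkt:
        out = replace(pkt, **fields)
        # A reply to `out` arrives with src/dst swapped; key the state on that.
        self.sessions[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def untranslate(self, pkt: Pkt) -> Optional[Pkt]:
        orig = self.sessions.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None          # no matching session: the reply is dropped
        self.saw_reply = True
        return orig.reply()


def run(server: str, hairpin_snat: bool = False) -> Tuple[Optional[Pkt], bool]:
    """Return (packet the client finally receives, or None; whether the
    NetBSD box's NAT state ever saw a return packet)."""
    gateway, netbsd = Nat(), Nat()
    p = Pkt(CLIENT, 40000, EXT_IP, 6667)
    p = gateway.translate(p, dst=NETBSD)            # router's port-forward
    if hairpin_snat:
        # assumed extra rewrite: make the reply come back to the NPF box
        p = netbsd.translate(p, dst=server, src=NETBSD, sport=50000)
    else:
        p = netbsd.translate(p, dst=server)         # destination rewrite only
    r = p.reply()                                   # the server answers
    # One NIC, one subnet: the reply leaves the server toward r.dst.  It only
    # traverses the NetBSD box if it is addressed to that box or was generated
    # on it (the "localhost works" case); otherwise it goes straight to the
    # gateway, which has no state for a packet sourced from the IRC server.
    if server == NETBSD or r.dst == NETBSD:
        r = netbsd.untranslate(r)
        if r is None:
            return None, netbsd.saw_reply
    r = gateway.untranslate(r)
    return r, netbsd.saw_reply


if __name__ == "__main__":
    for label, args in (("DNAT only", (IRC,)),
                        ("DNAT + source rewrite", (IRC, True)),
                        ("redirect to localhost", (NETBSD,))):
        delivered, seen = run(*args)
        print(f"{label:24s} client gets: {delivered}  NPF box saw reply: {seen}")
```

In the destination-only case the IRC server's reply is addressed to the client, so with a single interface on a single subnet it goes to the default gateway rather than back through the NPF box; the box's state never sees a return packet and expires, and the gateway drops a reply whose source does not match its own port-forward state. Rewriting the source as well forces the reply to be addressed to the NPF box, which is the same effect a second NIC on the server's path would give you. Whether and how NPF expresses that second rewrite is a question for the NPF documentation; the model only shows why the return path matters.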