binat on fxp0 from $web_serv_int to any -> $web_serv_ext
How are the packets seen by the filter? Is it:
- for incoming packets: src: internet address of client dst: web_serv_int (that is after binat)
- for outgoing packets: src: web_serv_ext (that is after binat) dst: address of (e.g.) dnsserver
Is this correct?
Yes. There's a flowchart here: http://mniam.net/pf/pf.png
