OK, so I didn't express myself correctly. I'd like to do 2 things:

- redirect all connections from port 5555 to port 22 on my SMTP server located in the DMZ.
- redirect all SMTP connections to the SMTP server in the DMZ, just as if it were on my FW (with the public address) (I think that can be done with a binat rule).

So anyway, here are my rules:

#--------------------
# NAT and redirections
#--------------------
# address translation on the wifi interface
nat on $ext_if from $wifi_net to any -> $ext_if
nat on $ext_if from $dmz_net to any -> $ext_if

# DO I NEED A BINAT RULE HERE FOR THE SMTP ?

############################
# redirections
############################
rdr on $ext_if proto tcp from any to $ext_addr port 5555 -> $smtp_dmz port 22

#-------------------
# Filtering
#-------------------
# block in log all
block out log all

# loopback
pass in quick on lo0 from any to any
pass out quick on lo0 from any to any

#-----------
# RULES
#-----------
###################
#Incoming Rules
###################
[..]
pass in log on $ext_if inet proto tcp from any to $smtp_dmz port ssh keep state
pass out log on $dmz_if inet proto tcp from any to $smtp_dmz port 22 keep state
pass out log on $dmz_if inet proto tcp from any to $smtp_dmz port 25 keep state
[..]
# antispoof for $ext_if
antispoof for $wifi_if
antispoof for $dmz_if

----------------------------------------------------------------------------

I've tested pf without the filtering. It doesn't work either, so the problem is coming from the RDR rules...

Thanks for all your answers,

/Hitete