>
> The "reflection" method is indeed what you want. You're only binat'g
> if the traffic makes it outbound. The idea with reflection is to
> intercept the packets destined for the "external hostname" and redirect
> them on the internal interface to the intended server. So you would
> have a binat rule for traffic out to the internet, and rdr/no-nat/nat
> rules for traffic to your own servers.
>
>
Thanks Jason, I'm happy the mail arrived on the list, even so late ;)
(I think it was lost.)

I do that and it seems to work:

    rdr on $if_int proto tcp from $int_net to publicIP port 80 -> \
        privateIP
    nat on $if_int inet from privateIP2 to any -> publicIP2
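
The binat plus rdr/no-nat/nat layout described in the quoted reply, written out as an added example (not part of the original thread) in pre-4.7 PF translation syntax. The macro names other than $if_int and $int_net, the interface names and all addresses are constructed placeholders (RFC 1918 and RFC 5737 documentation ranges).

```pf
# Constructed sample values, not taken from the thread.
if_ext  = "em0"              # assumed external interface
if_int  = "em1"              # assumed internal interface
int_net = "192.168.1.0/24"   # internal network
web_int = "192.168.1.10"     # server's private address
web_pub = "192.0.2.10"       # public address mapped to the server

# Traffic crossing the external interface: one-to-one mapping between
# the server's private address and its public address.
binat on $if_ext from $web_int to any -> $web_pub

# Reflection: internal clients that connect to the public address are
# redirected on the internal interface to the server's private address.
rdr on $if_int proto tcp from $int_net to $web_pub port 80 -> $web_int

# Leave connections that originate from the firewall itself untranslated.
no nat on $if_int proto tcp from $if_int to $int_net

# Rewrite the source of the redirected connections to the firewall's
# internal address, so the server answers through the firewall instead
# of replying straight to the client, which would drop a reply coming
# from an address it never contacted.
nat on $if_int proto tcp from $int_net to $web_int port 80 -> $if_int
```

With the source rewritten, the server logs the firewall's internal address for reflected connections rather than the real client, which matters when correlating access logs.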