PF, redirection and NAT-ing question?

2008-04-26 Thread Parvinder Bhasin

Hi,


I have 2 webservers on my internal LAN.  Both have associated EXTERNAL  
IPs.  I setup an OpenBSD box with PF to do firewalling and  
redirection.  Do I also have to put the 2 external IPs on the external  
interface of my PF box as aliases?


If I do put in the aliases and I am also doing NAT-ing on the internal  
LAN, would PF do some kind of round-robin using different EXTERNAL  
IPs to go out to the net?  I don't want that behaviour.  How can I  
make PF go out on only one pre-determined external IP and not the  
aliases that I am using for the webservers?


Thanks
Parvinder Bhasin



Re: PF, redirection and NAT-ing question?

2008-04-26 Thread Matthew Dempsky
On Sat, Apr 26, 2008 at 6:17 PM, Parvinder Bhasin
[EMAIL PROTECTED] wrote:
> I have 2 webservers on my internal LAN.  Both have associated EXTERNAL IPs.
> I setup an OpenBSD box with PF to do firewalling and redirection.  Do I also
> have to put the 2 external IPs on the external interface of my PF box as
> aliases?

For pf to redirect IP traffic, those packets have to pass through the
OpenBSD host.  In your case, the easiest way to do this is simply add
those addresses as aliases to the external interface.  (You could also
assign those IPs to a subnet that is routed to the OpenBSD host, but
that takes more work if you don't already have your network setup to
accommodate it.)

> If I do put in the aliases and I am also doing NAT-ing on the internal LAN,
> would PF do some kind of round-robin using different EXTERNAL IPs to go
> out to the net?  I don't want that behaviour.  How can I make PF go out on
> only one pre-determined external IP and not the aliases that I am using for
> the webservers?

You can specify $ext_if:0 after the -> in the nat rule, e.g.:

nat on $ext_if from $int_if:network to any -> $ext_if:0
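Putting the two answers together, here is a complete pf.conf for the setup described in the thread. This is an added example, not configuration posted by either participant; it uses the nat/rdr syntax of the 2008-era pf (before the OpenBSD 4.7 rewrite) and the interface names and addresses in it are assumed placeholders.

```pf
# Added example: pf.conf for a firewall with two public addresses forwarded
# to two internal web servers, and outbound NAT pinned to one address.
# Interface names and addresses are assumed placeholders.
ext_if = "em0"
int_if = "em1"

# Public addresses configured on em0 as aliases (one per web server).
web1_ext = "192.0.2.11"
web2_ext = "192.0.2.12"
# The internal servers they map to.
web1_int = "10.0.0.11"
web2_int = "10.0.0.12"

set skip on lo

# Outbound NAT for the LAN.  The ":0" modifier excludes the aliases, so
# every outbound connection is translated to em0's primary address only;
# "-> $ext_if" alone would expand to all of em0's addresses as a pool.
nat on $ext_if from $int_if:network to any -> $ext_if:0

# Inbound redirection: each public address goes to its own web server.
rdr on $ext_if proto tcp from any to $web1_ext port 80 -> $web1_int port 80
rdr on $ext_if proto tcp from any to $web2_ext port 80 -> $web2_int port 80

# Default deny, then allow only what is needed.
block in log all
pass out keep state

# In this pf generation filter rules see the already-translated destination,
# so the pass rule matches on the internal addresses, not the public ones.
pass in on $ext_if proto tcp from any to { $web1_int, $web2_int } port 80 \
    flags S/SA keep state

# Let the LAN out through the firewall.
pass in on $int_if from $int_if:network to any keep state
```

The aliases themselves are persisted in /etc/hostname.em0 with `alias` lines (see hostname.if(5)), one per public address, so they survive a reboot. Before loading, `pfctl -nf /etc/pf.conf` parses the file without applying it; afterwards, `pfctl -sn` shows the expanded nat and rdr rules, which is the quickest way to confirm that the nat rule lists a single translation address and that each rdr rule carries the expected public-to-internal mapping.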