Use two nat's for an extra IP

2005-01-02 Thread Daniel Johansson
Hi, my setup looks like the usual one. Internet - router with openbsd 3.5 -
switch - hosts. 

I recently got a second IP from my ISP but I don't want to use it on an
external box directly to the internet. So I used ifconfig alias and added the
second IP to my openbsd box. 

I just needed ssh, http and https to an internal box but with the new IP so I
used PF
and added this rule, 192.168.1.12 is the internal ip of the box I want to
forward the traffic. I also wanted all traffic from 192.168.1.12 to use the
new IP and not my old one.

nat on $ext inet from 192.168.1.12/32 to any -> new_ip

I already had this rule in my config:

nat on $ext inet from ($int)/24 to any -> old_ip

I then added my rdr-rules to the new box. It all seems to work perfectly but
what I would like to know is if this is a correct way of doing what I want to
do or is there any better or more correct solution? 
Does it matter which one of my nat rules comes first in my config?

-- 
Daniel Johansson - [EMAIL PROTECTED]


Re: Use two nat's for an extra IP

2005-01-02 Thread Jason Opperisano
On Sun, 2005-01-02 at 06:56, Daniel Johansson wrote:
> Hi, my setup looks like the usual one. Internet - router with openbsd 3.5 -
> switch - hosts. 
> 
> I recently got a second IP from my ISP but I don't want to use it on an
> external box directly to the internet. So I used ifconfig alias and added the
> second IP to my openbsd box. 
> 
> I just needed ssh, http and https to an internal box but with the new IP so I
> used PF
> and added this rule, 192.168.1.12 is the internal ip of the box I want to
> forward the traffic. I also wanted all traffic from 192.168.1.12 to use the
> new IP and not my old one.
> 
> nat on $ext inet from 192.168.1.12/32 to any -> new_ip
> 
> I already had this rule in my config:
> 
> nat on $ext inet from ($int)/24 to any -> old_ip
> 
> I then added my rdr-rules to the new box. It all seems to work perfectly but
> what I would like to know is if this is a correct way of doing what I want to
> do or is there any better or more correct solution? 

if it works the way you want, then no--i wouldn't say there's a more
correct way to do it.  if $new_ip is solely dedicated to 192.168.1.12,
you could use binat instead of nat + rdr but that's really just a
matter of preference.

> Does it matter which one of my nat rules comes first in my config?

yes.  from man 5 pf.conf

 For each packet processed by the translator, the translation rules
 are evaluated in sequential order, from first to last.  The first
 matching rule decides what action is taken.

-j

--
Silly customer, you cannot hurt a Twinkie!
--The Simpsons
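As an added example (not posted by either participant), here is a pf.conf fragment for OpenBSD 3.x-era PF that puts Daniel's two nat rules in the order the man page excerpt above requires, adds the rdr rules he mentions but did not post, and shows Jason's binat alternative alongside the filter rules it needs. The interface names, the macro values, the documentation-range addresses and the port list are assumptions chosen for illustration.

```conf
# Added example: macro values below are assumed, not taken from the thread.
ext    = "fxp0"
int    = "fxp1"
old_ip = "203.0.113.10"      # placeholder for the original ISP address
new_ip = "203.0.113.11"      # placeholder for the second address, aliased on $ext
srv    = "192.168.1.12"      # the internal host from the thread

# ---- Translation section: evaluated before the filter rules, first match wins ----

# The host-specific rule must come FIRST. 192.168.1.12 is also inside
# ($int)/24, so if the /24 rule were listed first it would match every
# packet from $srv and source-NAT it to $old_ip; the /32 rule would never fire.
nat on $ext inet from $srv to any -> $new_ip
nat on $ext inet from ($int)/24 to any -> $old_ip

# Inbound: only these three services are redirected to $srv. Anything else
# sent to $new_ip is not translated and terminates on the firewall itself.
rdr on $ext inet proto tcp from any to $new_ip port { 22, 80, 443 } -> $srv

# ---- Alternative: binat (would replace BOTH the $srv nat rule and the rdr) ----
# binat maps $srv <-> $new_ip in both directions for every protocol and port,
# so with binat the set of reachable services is decided entirely by the
# filter rules below, not by the translation rule.
# binat on $ext inet from $srv to any -> $new_ip

# ---- Filter section ----
# Translation runs before filtering, so an inbound filter rule must match on
# the translated (internal) destination $srv, not on $new_ip. This works the
# same way for the rdr and the binat variants.
block in on $ext
pass in on $ext inet proto tcp from any to $srv port { 22, 80, 443 } flags S/SA keep state
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without installing it, which catches syntax slips such as a `->` lost in editing; `pfctl -sn` afterwards prints the loaded nat/rdr/binat rules in their evaluation order, so the /32-before-/24 ordering can be confirmed on the running system.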