Hi. I need help with a problem of mine.
I want to reflect all IP from a client to a server via another machine called mirror. client and server can't access each other and there is nothing I can do about that. However, the mirror can access both client and server, so I want all traffic from client to mirror to be reflected to server, and all responses from the server should be reflected back to the client via the mirror.

Once upon a time this worked, but since PF has changed in the latest version this no longer works in 4.8:

ext_if= "{ vic0 }"
client= "{ 10.10.15.30 }"
mirror= "{ 10.40.20.5 }"
server= "{ 10.50.43.7 }"

rdr on $ext_if from $client to $mirror -> $server
nat on $ext_if from $client to $server -> $mirror

block in log
pass out keep state
pass quick on lo0
pass in quick inet from $client to self keep state
pass in quick inet from $server to self keep state
pass in quick inet from $server to $client keep state
pass in quick inet from $client to $server keep state

I have read the man page of pf.conf and http://www.openbsd.org/faq/pf/rdr.html#rdrnat and I have tried many combinations, but I can't make it work.

This is one example of many that I have tried with no success. The syntax is OK but there is no redirection from the mirror server to the target:

ext_if= "{ vic0 }"
client= "{ 10.10.15.30 }"
mirror= "{ 10.40.20.5 }"
server= "{ 10.50.43.7 }"

pass in from $client to $mirror rdr-to $server
pass out from $client to $server nat-to $mirror

# Rules
block in log
pass out keep state
pass quick on lo0
pass in quick inet from $client to self keep state
pass in quick inet from $server to self keep state
pass in quick inet from $server to $client keep state
pass in quick inet from $client to $server keep state

Best Regards
rancor
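An added example, not part of the original post and not tested on the poster's machines: one way to write the reflection in the post-4.7 syntax using match rules, so the translation does not depend on which pass rule ends up deciding the packet. It assumes the second ruleset fails because its rdr-to and nat-to sit on non-quick pass rules that the later "pass in quick ... to self" and "pass out keep state" rules override, and that IP forwarding is enabled on the mirror; the macros are rewritten as plain strings.

```pf
# Added example, not the poster's ruleset. Addresses and interface are
# the ones given in the post.
ext_if = "vic0"
client = "10.10.15.30"
mirror = "10.40.20.5"
server = "10.50.43.7"

# Assumption: forwarding is on (sysctl net.inet.ip.forwarding=1), since the
# redirected packets are routed onward rather than delivered locally.

# match rules apply rdr-to / nat-to every time they match, and the
# translation stays in effect whichever block/pass rule matches afterwards.
# On a pass rule the translation is only used if that rule is the one
# that finally decides the packet.
match in  on $ext_if inet from $client to $mirror rdr-to $server
match out on $ext_if inet from $client to $server nat-to $mirror

# Default policy, as in the post.
block in log
pass out keep state
pass quick on lo0

# Rules after a match rule see the already translated addresses, so the
# inbound packet is now client -> server, not client -> mirror.
# Only this flow is admitted; replies from the server return through the
# state created here and by "pass out", so no separate server rule is needed.
pass in quick on $ext_if inet from $client to $server keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -ss` on the mirror lists the state entries with their translated addresses once the client has sent traffic.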