Thank you

However, your example was not valid

/etc/pf.conf:x: nat-to can only be used outbound
/etc/pf.conf:x: skipping rule due to errors
/etc/pf.conf:x: rule expands to no valid combination

The nat-to must be out but it did not work anyway.

ext_if= "{ vic0 }"
client= "{ 10.10.15.30 }"
mirror= "{ 10.40.20.5 }"
server= "{ 10.50.43.7 }"

# Rules
block in log
pass quick on lo0
pass out keep state

pass in quick from $client to $mirror rdr-to $server
pass out quick from $client to $server nat-to $mirror

There was a lot of work done with pf and nat. It's maybe not possible
to do any more =(

Best regards

2011/4/8 Muhammad Muntaza <m.munta...@gmail.com>:
> 2011/4/7, rancor <theran...@gmail.com>:
>> Hi.
>>
>> I need help with a problem of mine.
>>
>> I want to reflect all IP from a client to a server via another machine
>> called mirror. client and server can't access each other and there is
>> nothing I can do about that. However the mirror can access both
>> client and server so I want all traffic from client to mirror be
>> reflected to server and all responses from the server should be
>> reflected back to the client via the mirror.
>>
>> Once upon a time this worked but since the PF has changed in the latest
>> version this no longer works in 4.8
>>
>> ext_if= "{ vic0 }"
>> client= "{ 10.10.15.30 }"
>> mirror= "{ 10.40.20.5 }"
>> server= "{ 10.50.43.7 }"
>>
>> rdr on $ext_if from $client to $mirror -> $server
>> nat on $ext_if from $client to $server -> $mirror
>>
>> block in log
>> pass out keep state
>>
>> pass quick on lo0
>> pass in quick inet from $client to self keep state
>> pass in quick inet from $server to self keep state
>> pass in quick inet from $server to $client keep state
>> pass in quick inet from $client to $server keep state
>>
>>
>> I have read man page of pf.conf and
>> http://www.openbsd.org/faq/pf/rdr.html#rdrnat and I have tried many
>> combinations but I can't make it work
>>
>> This is one example of many that I have tried with no success.
>>
>> The syntax is OK but there is no redirection from the mirror server to
>> the target
>
>
>
> ext_if= "{ vic0 }"
> client= "{ 10.10.15.30 }"
> mirror= "{ 10.40.20.5 }"
> server= "{ 10.50.43.7 }"
>
> # Rules
> block in log
> pass quick on lo0
> pass out keep state
>
> pass in quick from $client to $mirror rdr-to $server
> pass in quick from $client to $server nat-to $mirror
>
>> pass in quick inet from $client to self keep state
>> pass in quick inet from $server to self keep state
>> pass in quick inet from $server to $client keep state
>> pass in quick inet from $client to $server keep state
>
>
> Muhammad Muntaza bin Hatta
> --
> Indonesia
> http://muntaza.wordpress.com
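
The reflection this thread is after, as an added example that is not part of the original messages and not pf code: a simplified Python model of the two address rewrites (rdr-to on the inbound pass, nat-to on the outbound pass) and of the state that maps the server's reply back to the client. The `Packet`, `Rule`, `translate`, `forward` and `reverse` names are hypothetical, and the model ignores ports, interfaces and routing.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Addresses taken from the thread's macros.
CLIENT, MIRROR, SERVER = "10.10.15.30", "10.40.20.5", "10.50.43.7"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Rule:  # hypothetical stand-in for one "pass ... rdr-to/nat-to" rule
    direction: str
    src: str
    dst: str
    rdr_to: Optional[str] = None
    nat_to: Optional[str] = None

    def __post_init__(self):
        # The nat-to message is the one pfctl prints in the thread;
        # the rdr-to check is its inbound counterpart.
        if self.nat_to and self.direction != "out":
            raise ValueError("nat-to can only be used outbound")
        if self.rdr_to and self.direction != "in":
            raise ValueError("rdr-to can only be used inbound")

def translate(pkt, direction, rules):
    """Apply the first rule matching this direction and address pair."""
    for r in rules:
        if r.direction == direction and (pkt.src, pkt.dst) == (r.src, r.dst):
            return replace(pkt, src=r.nat_to or pkt.src, dst=r.rdr_to or pkt.dst)
    return pkt

def forward(pkt, rules):
    """Inbound pass, then outbound pass; returns (wire packet, state)."""
    wire = translate(translate(pkt, "in", rules), "out", rules)
    return wire, {"orig": pkt, "wire": wire}

def reverse(reply, state):
    """Map a reply back to the client if it matches the state, else None."""
    wire, orig = state["wire"], state["orig"]
    if (reply.src, reply.dst) != (wire.dst, wire.src):
        return None
    return Packet(src=orig.dst, dst=orig.src)

RULES = [Rule("in", CLIENT, MIRROR, rdr_to=SERVER),
         Rule("out", CLIENT, SERVER, nat_to=MIRROR)]
```

With only the rdr-to rule, the packet leaves the mirror still carrying the client's source address, so the server's answer is addressed to the client rather than to the mirror and no state on the mirror matches it.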