On 11/23/2014 01:12 PM, Peter N. M. Hansteen wrote:
> Jason Adams <adams...@gmail.com> writes:
>
>> Tom Estep (shorewall) has a faq about this issue (routeback)
>> that applies to the iptables world http://shorewall.net/4.2/FAQ.htm#faq2
>> also read faq2b at same link.
> I must confess not reading this thread too carefully, but if what that
> faq describes is the problem, you need to look at the contortions taken at eg
> http://www.openbsd.org/faq/pf/rdr.html#reflect
>
> Also a variation at http://home.nuug.no/~peter/pf/newest/rdr2servers.html and
> the slides immediately following.
>
> - Peter

In the end, I went with a split horizon dns server, as your first link (and Shorewall) suggested.
Since I was setting up a dns server anyway, this did in fact solve all of our problems (mail and web) in one stroke rather than a dozen rules. I believe the RDR-TO and NAT-TO combination mentioned in your first slide was the alternative, but it required two rules for each service, and you can just forget about ftp. Still I wonder why it USED to work for Soós László in 5.5?

--
Those who do not understand Unix are condemned to reinvent it, poorly.
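For readers arriving at this thread, the split horizon approach Jason chose looks roughly like the Unbound fragment below. This is an added example, not configuration from the thread or from any of the linked FAQs; the zone name, interface and all addresses (example.com, 192.168.1.0/24, 192.168.1.20, 192.168.1.25) are assumed placeholders. Internal clients that ask this resolver get the LAN address of each service directly, so no per-service rdr-to plus nat-to reflection pair is needed in pf.conf, and protocols that carry addresses in-band (ftp) never see the public IP.

```conf
# unbound.conf fragment for an internal (LAN-facing) resolver.
# Added example with assumed names/addresses; not from the original thread.
server:
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # "transparent": names listed in local-data below are answered locally;
    # any other name under example.com is resolved normally upstream.
    # (A query for a listed name but an unlisted type, e.g. AAAA for
    # www.example.com, gets an empty answer rather than the public record,
    # which keeps IPv6 clients from re-entering the reflection problem.)
    local-zone: "example.com." transparent

    # Internal addresses of the hosts that carry the public services.
    local-data: "www.example.com.  A 192.168.1.20"
    local-data: "mail.example.com. A 192.168.1.25"

    # Reverse entries so internal logs and mail headers resolve cleanly.
    local-data-ptr: "192.168.1.20 www.example.com"
    local-data-ptr: "192.168.1.25 mail.example.com"
```

The public, Internet-facing zone keeps the public addresses; only the resolver that LAN clients use carries these overrides. A quick check after reloading is to run `dig @192.168.1.1 www.example.com` from a LAN host and confirm the internal address comes back, then the same query against an external resolver to confirm the public address is unchanged.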