On 19-08-2015 09:27, Sonic wrote:
> I'm guessing you mean this example (?).
> ==========================================
> With an additional NAT rule on the internal interface, the lacking
> source address translation described above can be achieved.
>
> pass in on $int_if proto tcp from $int_net to $ext_if port 80 \
>     rdr-to $server
> pass out on $int_if proto tcp to $server port 80 \
>     received-on $int_if nat-to $int_if
> ==========================================

Yes, this is what he meant.

> I've tried a few different twists on it but without success so far. As
> I'm coming in from the outside and need to appear that I'm inside. As
> it's written "This construct is rather complex".

Just to be clear, your setup is something like this?:

|GW | <- machine -> |OpenBSD| -> Internet

So, when you connect using OpenBSD as the router, the packets get to the
machine, but since the machine doesn't have a direct route to your
machine, it replies to its GW, which is not from where the packet came. I
just want to confirm if this is your setup.

As others already mentioned, you have some options. If you don't care
about UDP, you can use http://www.openbsd.org/faq/pf/rdr.html#tcpproxy.
You can have an L2 VPN to your OpenBSD machine, so that you would
effectively be "inside" the same network the machine is. Your problem
isn't unsolvable.

Cheers,
Giancarlo Razzolini
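
The quoted FAQ rules adapted to a connection arriving from outside, as an added example that is not part of this message or of the OpenBSD FAQ. It assumes the topology sketched above (the server's default gateway is a different box), and the interface names and server address are constructed placeholders.

```pf
# pf.conf fragment (added example; em0, em1 and 192.168.1.10 are constructed)
ext_if = "em0"            # OpenBSD interface facing the Internet
int_if = "em1"            # OpenBSD interface on the server's LAN
server = "192.168.1.10"   # internal machine whose default route is the other GW

# Redirection only: the destination is rewritten, the source is not.
# The server sees the outside client's address and answers through its
# own default gateway, so the reply never crosses this firewall and the
# pf state here is never completed.
pass in on $ext_if proto tcp to $ext_if port 80 \
    rdr-to $server

# Source translation on the way out to the server: connections that came
# in on $ext_if leave $int_if with the firewall's internal address as
# source. The server now replies to an on-link address, the reply comes
# back through this box, and pf reverses both translations.
pass out on $int_if proto tcp to $server port 80 \
    received-on $ext_if nat-to $int_if

# Check before loading:   pfctl -nf /etc/pf.conf
# Inspect live states:    pfctl -ss
# Side effect: the server's logs show the firewall's internal address for
# every outside client, so client attribution has to come from pf itself.
```

With both rules loaded, a connection from outside should appear in `pfctl -ss` as two state entries, one on each interface, both showing the translated addresses.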