John R. Shannon wrote:
On Monday 09 January 2006 03:53, you wrote:

Hi,

I'm pretty new to pf and OpenBSD which maybe explains why I'm still not
sure after reading the man pages and docs how to solve this;
I'm trying to figure out how to use rdr in combination with outgoing nat.
External interface is 213.115.246.36/29 net with a 213.115.161.0/25
alias net.
Dmz is 192.168.78.0/25 with several different www, smtp and ftp servers.
I want a smtp request to one of the ip-aliases on the ext if to be
redirected to the corresponding ip on the dmz, 213.115.161.1 port 25 ->
192.168.78.1 port 25, ok this is rdr.
At the same time I want the 192.168.78.1 smtp server to be nated to
213.115.161.1 when doing outgoing smtp connections. E.g. all servers on
the dmz should be nated to the corresponding public ip alias on the
external interface when doing outgoing connections.
Is binat the key here, or any other suggestions on how to best solve this?

Thanks

Johan Linner


You can do it either with binat or a combination of nat and rdr. Although:

tcpInit="S/SAFR"
MAIL="192.168.78.1"
MAIL_NET0="213.115.161.1"
...
binat on $NET0_IF inet from $MAIL to any -> $MAIL_NET0
...
pass in quick on $NET0_IF inet proto tcp from any to $MAIL port smtp flags $tcpInit keep state

is probably what you want.


Someone out there having an example of how to use nat/rdr instead of binat?
Is one method better than the other (binat vs nat/rdr) concerning
performance, number of rules you have to put in pf.conf etc?

Thanks,

Johan
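For comparison, here is the nat/rdr form of the same mapping next to the binat rule from the thread. This is an added example, not a ruleset from either poster; it uses the pre-OpenBSD 4.7 nat/rdr/binat syntax that the thread's snippet uses. The interface macro NET0_IF, the interface name em0 and the pass out rule are assumptions (the thread's "..." does not show them); the addresses and macros MAIL, MAIL_NET0 and tcpInit are the ones from the thread.

```pf
# Macros (NET0_IF and em0 are assumed; the rest come from the thread)
NET0_IF = "em0"
MAIL = "192.168.78.1"
MAIL_NET0 = "213.115.161.1"
tcpInit = "S/SAFR"

# pf.conf order matters here: translation rules (nat, rdr, binat)
# must come before the filter rules, or pfctl rejects the file.

# --- Variant A: one binat rule, bidirectional 1:1 mapping -------------
# Inbound: anything sent to 213.115.161.1 is rewritten to 192.168.78.1,
# for every protocol and port; the pass rules below decide what gets in.
# Outbound: 192.168.78.1 leaves with source 213.115.161.1.
# binat on $NET0_IF inet from $MAIL to any -> $MAIL_NET0

# --- Variant B: nat + rdr, the same effect split into two rules ---------
# Outbound source translation for the mail server.
nat on $NET0_IF inet from $MAIL to any -> $MAIL_NET0
# Inbound redirection, limited to the one service that should be reachable;
# traffic to 213.115.161.1 on other ports is never redirected at all.
rdr on $NET0_IF inet proto tcp from any to $MAIL_NET0 port smtp -> $MAIL port smtp

# Filter rules are evaluated after translation, so inbound rules match
# the DMZ address and outbound rules on the external interface match
# the public alias.
block in on $NET0_IF
pass in quick on $NET0_IF inet proto tcp from any to $MAIL port smtp flags $tcpInit keep state
pass out quick on $NET0_IF inet proto tcp from $MAIL_NET0 to any port smtp flags $tcpInit keep state
```

Either variant needs the same pass rules, and with both, only the first packet of a connection is matched against the translation rules; later packets follow the state entry, so the rule count per server (one binat rule versus one nat plus one rdr per service) is more a maintenance question than a performance one. The difference that matters for exposure is that binat maps every port of the public alias to the DMZ host and relies entirely on the filter rules to limit access, while the rdr rule only redirects the ports you list. Check a ruleset with `pfctl -nf /etc/pf.conf` before loading it, and inspect the resulting translations with `pfctl -sn`.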
