On Sat, May 12, 2007 at 12:15:24PM +0200, Alberich de megres wrote:
> On 5/12/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> > On 2007/05/12 11:11, Alberich de megres wrote:
> > > rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 22 ->
> > > 192.168.0.200 port 22
> > > rdr on $ext_if inet proto tcp from any to ($ext_carp_if) port 80 ->
> > > 192.168.0.200 port 80
> > >
> > > pass out all
> > > pass in all
> > >
> > > but http conections and ssh won't be redirected. If i setup httpd in
> > > firewall then i can see firewall apache daemon, but not apache on
> > > 192.168.0.200
> >
> > you _are_ testing from $ext_if, aren't you..?
>
> what you mean?
You only redirect traffic when it comes in on $ext_if; so, if try to
test your setup from any other interface, notably $int_if, you will
indeed see the Apache process on the firewall and not the host behind
it.
Joachim
--
TFMotD: ypset (8) - tell ypbind(8) which YP server process to use
