Hi Vladimir,
You should post your pf.conf from 10.0.5.200. It seems that you block
port 80 on 10.0.5.200.
Vladimir wrote:
dane johansen wrote:
Probably you run into this situation:
client (10.0.5.233) -> firewall (10.0.5.200) -> rdr -> server (10.0.5.81)
Now the server sees that the packet came in from the same subnet and goes
directly to the client, which does not expect a reply from 10.0.5.81;
it expects a reply from 10.0.5.200.
You may want to read this:
http://www.openbsd.org/faq/pf/rdr.html#reflect
I obviously omitted the most pertinent information. My apologies.
client's IP is actually 10.0.1.50 coming from a different subnet so
the path is really
client (10.0.1.50) -> firewall (10.0.1.1) -> firewall (10.0.5.200) ->
rdr -> server (10.0.5.81 => gw is 10.0.5.1)
Vladimir