You need a triad of rdr-pass in-pass out. tag/tagged is a better way to do it, because rdr does its thing on the packets "to" before the pass in and out rules are evaluated. tag/tagged means you don't need to "adjust" the in/out rules.

# ---
rdr on $ext_if inet proto tcp \
    from any to any ($ext_if:0) port 80 \
    tag "OKWEB" -> $web_server
#
## pass web traffic to web_server
pass in log quick on $ext_if inet proto tcp \
    tagged OKWEB \
    flags S/SA synproxy state
#
##
pass out log quick on $int_if inet proto tcp \
    tagged OKWEB \
    keep state
# ---

-----Original Message-----
From: Bales, Tracy <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: pf issues with a web-server
Date: Mon, 4 Feb 2008 00:31:33 -0600

rdr on $ext_if proto tcp from any to any port 80 -> $web_server