On Fri, Feb 15, 2008 at 11:19 PM, Jose H. <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I have a screened network with nat+rdr
>
> Using nat I have something like this
>     nat on $ext_if from $int_server1 to port smtp -> $ext_server1
>
> Using rdr I have:
>     rdr on $ext_if proto tcp to $ext_server1 port smtp -> $int_server1
>
> And then:
>     pass inet proto tcp to { $int_server1, $ext_server1 } port smtp keep state
>
> I also have:
>     pass inet proto tcp from $int_net to $ext_if:network keep state
>
>
> The only problem is that the internal servers can't connect to the
> external IPs
> for example:
>
> from $int_server3 to $ext_server1 on smtp
>
> Any help appreciated !
>
> --
> Write to be understood, speak to be heard, read to grow.
>
>
This reason is very well explained in the newest OpenBSD PF book by Peter N.
M. Hansteen (The Book of PF) :-).

I highly recommend it as a great complement to the PF FAQ.
