On Sat, Apr 26, 2008 at 6:17 PM, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
> I have 2 webservers on my internal lan. Both have associated EXTERNAL IPs.
> I set up an OpenBSD box with PF to do firewalling and redirection. Do I also
> have to put the 2 external IPs on the external interface of my PF box as
> aliases?

For pf to redirect IP traffic, those packets have to pass through the OpenBSD host. In your case, the easiest way to do this is simply add those addresses as aliases to the external interface. (You could also assign those IPs to a subnet that is routed to the OpenBSD host, but that takes more work if you don't already have your network set up to accommodate it.)

> If I do put in the aliases and I am also doing NAT-ing on the internal lan,
> would PF do some kind of round-robin using different EXTERNAL IPs to go
> out to the net? I don't want that behaviour. How can I make PF go out on
> only one pre-determined external IP and not the aliases that I am using for
> the webservers?

You can specify $ext_if:0 after the "->" in the nat-rule, e.g.:

    nat on $ext_if from $int_if:network to any -> $ext_if:0
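
An added example, not part of the original message: a pf.conf sketch that puts the two pieces of the reply together, using the same nat/rdr rule syntax as the message. The interface names, all addresses (documentation ranges) and port 80 are assumptions.

```conf
# Constructed example: interface names, addresses and port 80 are assumptions.
#
# /etc/hostname.em0 (external interface) carries the primary address plus
# one alias per web server, so packets for those IPs reach this host:
#   inet 203.0.113.10 255.255.255.0
#   inet alias 203.0.113.11 255.255.255.255
#   inet alias 203.0.113.12 255.255.255.255

ext_if   = "em0"            # assumed external interface
int_if   = "em1"            # assumed internal interface

web1_ext = "203.0.113.11"   # alias on $ext_if for web server 1
web2_ext = "203.0.113.12"   # alias on $ext_if for web server 2
web1_int = "192.168.1.11"   # web server 1 on the internal LAN
web2_int = "192.168.1.12"   # web server 2 on the internal LAN

# Outbound NAT. A bare "$ext_if" after "->" expands to every address on
# the interface, aliases included; ":0" restricts it to the primary one.
nat on $ext_if from $int_if:network to any -> $ext_if:0

# Inbound redirection: one rule per alias, each to its own web server.
rdr on $ext_if proto tcp from any to $web1_ext port 80 -> $web1_int
rdr on $ext_if proto tcp from any to $web2_ext port 80 -> $web2_int

# Filtering. Translation happens before filtering, so the pass rule
# matches the rewritten (internal) destination address.
block in on $ext_if
pass  in on $ext_if proto tcp from any to { $web1_int, $web2_int } port 80
```

With this nat rule, connections the web servers themselves open to the Internet also leave from the primary address, not from their own external IPs. `pfctl -nf /etc/pf.conf` parses the file without loading it.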