Instead of giving you the obligatory "man pf.conf" reply, I will do one better and reference an old reply I posted to the list with a sample pf.conf where someone asked basically the same thing. I omitted the part that matters in this example conf, but explain what you need to insert to get it to fly.
http://marc.info/?l=openbsd-misc&m=120665186412690&w=2

It all can be found under the man page on searching for reply-to or route-to. This worked for me, so if anybody has got a more elegant means of doing it they should post.

-----------------

On Monday 20 October 2008 04:20:15 am Charlie Clark wrote:
> Hi,
>
> I am trying to set up an openbsd router but am having a big problem
> getting it to work.
> Here is the scenario:
>
> The router has 3 public IP's, with 2 internet connections and sits just
> outside a DMZ. Behind the router there are a number of hosts with public
> IP's (DMZ).
> All of the interfaces on the router are on different subnets.
> Let's say that the 3 interfaces are:
>
> int_if = the interface which is directly connected to the DMZ
> ext_if = the first internet connection (NOTE this ISP is the ISP which
> allocated the IP's in the DMZ so there is no natting done on this
> interface)
> ext2_if = the second internet connection (NOTE there is
> natting on this interface so everything works fine here)
>
> I have set up aproxyd to answer arp requests on ext_if for all of the
> IP's in the DMZ using the layout:
>
> proxy (IP) (MAC of ext_if)
>
> If I ping any IP on the net from a host in the DMZ and do a tcpdump on
> the router at the same time, I can see the packet coming in int_if, then
> going out ext_if, then the reply coming back in ext_if but then
> disappearing. It doesn't seem to be passing the packets, destined for
> the hosts in the DMZ, on to them.
>
> Is there something I am missing here?
> The filter rules look fine and nothing is being blocked
>
> I would appreciate any help.
>
> Thanks,
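
The reply above points to reply-to and route-to in pf.conf(5). The fragment below is an added example, not taken from the thread or the linked post, showing how those two options can pin DMZ traffic to the first ISP in the layout the question describes. The device names, gateway address and DMZ prefix are constructed placeholders, and the rule layout is the one pf.conf used at the time of this thread; later OpenBSD releases changed where these options go and how route-to is written, so check pf.conf(5) for your release.

```conf
# Added example. Macro names follow the question; every value is a placeholder.
int_if  = "em0"              # assumed device facing the DMZ
ext_if  = "em1"              # assumed device facing the first ISP
ext_gw  = "192.0.2.1"        # first ISP's next hop (documentation address)
dmz_net = "203.0.113.0/28"   # DMZ block allocated by the first ISP (documentation range)

# Connections arriving from the first ISP for DMZ hosts.
# reply-to stores the return path in the state entry, so replies leave
# through ext_if via ext_gw even if the default route points elsewhere.
pass in  on $ext_if reply-to ($ext_if $ext_gw) from any to $dmz_net keep state
pass out on $int_if from any to $dmz_net keep state

# Connections opened by DMZ hosts.
# route-to overrides the routing table lookup and sends them out ext_if,
# the only uplink on which these source addresses are valid without NAT.
pass in  on $int_if route-to ($ext_if $ext_gw) from $dmz_net to any keep state
pass out on $ext_if from $dmz_net to any keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax differences between releases before they affect live traffic.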