I think you are probably missing a route back to your source through the middle box. You might want to look at relayd to "relay" the connection to the other box; I believe that would get you what you want.

J

On Mon, Sep 21, 2009 at 10:50 AM, Matthew Young <myoung24...@gmail.com> wrote:
> Hello,
>
> I am trying to set up a PF box with ONE interface on a public IP to be able
> to redirect all packets that come to one of its IPs to another IP. The
> objective is to cloak the IP of the final destination. Please note that
> there is a public IP on both sides.
>
> 1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3
>
> So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2.
>
>
> Here is my pf.conf:
>
> # cat > /etc/pf.conf
> t_externa = "re0"
>
> web_serv_int = "1.1.1.1"
> web_serv_ext = "3.3.3.3"
>
> binat on $t_externa from $web_serv_int to any -> $web_serv_ext
>
>
>
> I have also tried to add 1.1.1.1 as an IP alias in the PF box ... but that
> just makes all my communications hang if I try to SSH to 2.2.2.2 from
> 1.1.1.1.
>
>
> Is there something I am missing? I think this would be possible, right?
>
>
> --Matt
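
The relayd approach suggested in the reply, sketched as an added example that is not part of the original thread. The addresses are the ones used in the thread; the macro names, the relay name and the choice of port 22 are assumptions.

```conf
# /etc/relayd.conf on the middle box (2.2.2.2)
# Macro names, relay name and port are assumptions made for this example.
relay_addr="2.2.2.2"    # public address the client connects to
target_addr="3.3.3.3"   # final destination that stays hidden from the client

# relayd accepts the TCP connection on relay_addr itself and opens a second
# connection to target_addr from the middle box. The target therefore sees
# 2.2.2.2 as its peer and replies to it, so return traffic passes back
# through the middle box instead of going straight to 1.1.1.1.
#
# The middle box's own sshd must not be bound to the same address and port,
# or the listen below will fail.
relay sshfwd {
        listen on $relay_addr port 22
        forward to $target_addr port 22
}
```

The file can be syntax-checked with `relayd -n -f /etc/relayd.conf` before starting the daemon. Because every relayed session reaches 3.3.3.3 from 2.2.2.2, source-address logging and access rules on the target no longer see the real client.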