* Harald Dunkel <harald.dun...@aixigo.de> [2011-01-20 09:18]:
> Hi folks,
>
> In the example for the rdr-to and nat-to combination in
> the pf FAQs it seems that the http traffic is redirected
> back through the incoming interface:
>
> pass in on $int_if proto tcp from $int_net to $ext_if port 80 \
>     rdr-to $server
> pass out on $int_if proto tcp to $server port 80 \
>     received-on $int_if nat-to $int_if
>
> $server seems to be a member of $int_if:network, AFAICS.
>
> According to the man page this won't work:
>
> "Redirections cannot reflect packets back through the
> interface they arrive on, they can only be redirected
> to hosts connected to different interfaces or to the
> firewall itself."
>
> Which one is right? Any helpful comment would be highly
> appreciated.

With the extra nat-to it works. We did have a note about reflection
somewhere explaining it, I believe.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
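
The following is an added sketch, not part of the original thread or of pf itself: a simplified Python model of the address rewriting done by the two quoted rules, showing why the reply only reaches the client correctly when nat-to is applied on the way out. All addresses and the source port are constructed sample values, and the model assumes nat-to keeps the source port unchanged.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (assumptions, not from the thread).
CLIENT = "192.168.1.20"   # a host in $int_net
SERVER = "192.168.1.10"   # $server, on the same LAN as the client
FW_INT = "192.168.1.1"    # firewall address on $int_if
FW_EXT = "203.0.113.5"    # firewall address on $ext_if

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def reflect(pkt, use_nat_to):
    """Rewrite the request the way the two quoted rules would."""
    out = replace(pkt, dst=SERVER)        # pass in ... rdr-to $server
    if use_nat_to:
        out = replace(out, src=FW_INT)    # pass out ... nat-to $int_if
    return out

def server_reply(seen):
    """The server answers the source address it actually saw."""
    return Packet(seen.dst, seen.dport, seen.src, seen.sport)

def deliver_reply(reply, request):
    """Return the reply as it arrives at the client."""
    if reply.dst == FW_INT:
        # Reply passes the firewall, which undoes both translations.
        return Packet(request.dst, request.dport, request.src, request.sport)
    # Reply goes straight across the LAN and is never translated back.
    return reply

def client_accepts(request, reply):
    """A TCP client only accepts a reply from the peer it connected to."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

def connection_works(use_nat_to):
    request = Packet(CLIENT, 50000, FW_EXT, 80)
    seen = reflect(request, use_nat_to)
    return client_accepts(request, deliver_reply(server_reply(seen), request))

if __name__ == "__main__":
    for flag in (False, True):
        print("rdr-to + nat-to" if flag else "rdr-to only", "->", connection_works(flag))
```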