
rdr, nat to an internal webserver



hi all,
i have a webserver running on 172.16.0.10 which has as default gw
172.16.0.5
my openbsd firewall is at 172.16.0.2 (i am migrating from a linux
firewall to an openbsd firewall)
so when packets arrive on my external ip port 80 (owned by the openbsd
firewall) - then i'd like the packets to go to my internal webserver -
which is easily done with a rdr rule (which works well). The webserver
then answers the packet (the webserver thinks the packet is coming
from an external address) over the default route - which won't work. So
i thought that i can add a nat rule to my internal interface so that
packets for port 80 going to my webserver get translated to the internal
ip from my openbsd firewall - so that the webserver thinks that the
request is coming directly from my firewall. This also works - but it
seems that the firewall then isn't translating the request back to the
right address.
Can something like this be done with pf - or do i need something else?
best regards
Wolfgang