
Re: How to route from gateway to internal net

Paul Galbraith wrote:
I have a simple setup with an obsd gateway connected to my isp, and a few machines behind it on an internal network. I have port 993 (imaps) successfully redirected to my mail server and that works nicely from anywhere (internal or external) _except_ from the gateway, if I'm using the external gateway address. What rules do I need to add to pf.conf to get connections from the gateway to the external address to be properly routed to the internal mail server?

rdr on lo from ($ext_if) to ($ext_if) port imaps -> $mail_server

This seems to properly get the initial packet to the mail server when I initiate a connection from the gateway. Packets are sent out over the internal interface, from the external address, to the mail server. Returning packets are addressed from the mail server address, however, and I think they need to be sourced from ($ext_if) to work for me...I can't figure out how to do this, however...what rule will change the source address of an incoming packet? I'm under the impression that nat will only change the source of an outgoing packet...

Solved this by using nc, rather than pf, to handle the local imaps connections (as per the pf FAQ).
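
An added illustration, not part of the original message, of the inetd/nc relay approach the pf FAQ describes, adapted here to imaps. The `nobody` user, the `-w 20` timeout and the mail server address 192.168.1.10 are assumptions, not values from this thread.

```conf
# /etc/inetd.conf on the gateway (constructed example, not the poster's file).
# inetd accepts connections made on the gateway to the imaps port and hands
# each one to nc, which opens a new TCP connection to the internal mail server.
# That new connection is sourced from the gateway's internal address, so the
# mail server's replies come back to the nc process and pf does not have to
# rewrite the source address of returning packets.
# 192.168.1.10 is a placeholder for the mail server's internal address.
imaps stream tcp nowait nobody /usr/bin/nc nc -w 20 192.168.1.10 993
```

Because the relay terminates and re-originates the TCP session, the mail server's logs show the gateway's internal address as the client for these connections.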