[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rdr pass, max-src-conn



On Wed, Sep 07, 2005 at 07:09:42PM +0100, ed wrote:
> rdr pass on $ext_if proto tcp from any to 1.2.3.4 port 80 -> 10.10.10.10
      ^^^^
This will skip evaluation of all filter rules, hence no matter what the
filter rules would do, they're skipped.
> rdr on $ext_if proto tcp from any to 1.2.3.4 port 80 -> 10.10.10.10
> pass on $ext_if proto tcp from any to 1.2.3.4 port {80,3389}
Packets will have their destination address replaced with 10.10.10.10
when filter rules are evaluated (translation always happens first).
So the pass rule needs to be "to 10.10.10.10" instead of "to 1.2.3.4".
Daniel