Quote:
Originally Posted by plexter
...so they do not first travel out of my network to the internet and then back in again....
That can be solved with local DNS. e.g.: When inside your private LAN, your local DNS server(s) respond to a resolution request for "our.webserver.inhere.com" with your inside-the-firewall address. No need to redirect with PF.
Quote:
Hmmm its unfortunate that PF will not "lookup" the IP on-the-fly.
There would be a significant performance impact, as each and every test of such a rule would require either an /etc/hosts lookup or a DNS request.
Quote:
Would you be able to show a sample code for PF that would work for redirection using DNS Name (I will have to just reload my config if my IP changes.)
I have never used name resolution with PF, but according to
pf.conf(5), host names may be used in tables or rules. Resolution is done at table load or ruleset load time. ":0" may be appended to a rule host name to limit the resolution to the first IPv4 or IPv6 address resolved, but, in tables,
all resolved addresses for a hostname are added to the table.
In your first post, you said of your rdr rules:
Quote:
I have tried adding redirect rules for my internal interface but they do not seem to be working.
You don't say if there are syntax failures or other issues. If the rules load, you can use
pfctl(8) with "-s <rule-section>" to see the various components of your resolved rule set.
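As an added illustration of the points above (this is not from the original post, and the poster said they have not used name resolution with PF themselves): a pf.conf fragment that puts a host name in an rdr rule and in a table, with the pfctl(8) checks that show what the names resolved to at load time. Interface names, addresses, the host name and the `:0` usage are assumptions for the example; the `rdr ... ->` / `nat ... ->` form is the older translation syntax used by FreeBSD and pre-4.7 OpenBSD, and newer OpenBSD releases write the same thing as `pass ... rdr-to` / `nat-to`.

```conf
# Assumed topology: em0 faces the internet, em1 is the LAN (192.168.1.0/24),
# and the web server itself sits on the LAN at 192.168.1.10.
ext_if = "em0"
int_if = "em1"
int_net = "192.168.1.0/24"
webserver = "192.168.1.10"

# Host names are resolved once, when the ruleset is loaded. In a table every
# address the name resolves to is added; ":0" on a rule host name keeps only
# the first IPv4 and first IPv6 address. Reload the ruleset if the public IP changes.
table <public_web> { our.webserver.inhere.com }

# Redirect LAN clients that connect to the public name back to the inside server.
rdr on $int_if proto tcp from $int_net to our.webserver.inhere.com:0 port 80 -> $webserver port 80

# Caveat: with client and server on the same LAN segment, the server would answer
# the client directly and the client would drop the reply (wrong source address).
# Translating the source to the firewall's LAN address keeps both directions
# going through PF. This is the NAT-reflection pattern from the PF FAQ.
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if proto tcp from $int_net to $webserver port 80 -> $int_if

pass in on $int_if proto tcp from $int_net to $webserver port 80
pass out on $int_if proto tcp to $webserver port 80

# Checks (run as root, after editing /etc/pf.conf):
#   pfctl -nf /etc/pf.conf        parse only; name-resolution failures show up here
#   pfctl -f /etc/pf.conf         load the ruleset (names are resolved now)
#   pfctl -s nat                  translation rules with the resolved addresses
#   pfctl -s rules                filter rules
#   pfctl -t public_web -T show   every address the table name resolved to
```

If `pfctl -nf` reports that a host name cannot be resolved, the ruleset will not load at all, so a firewall that boots before DNS is reachable needs either a literal address or a local hosts entry for that name.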