10th October 2013
bsd_matt
pf = Perfectly Frustrating? =)

I am working at a web-host. I have pf set up (using rdr-to) to redirect internet IPs to the local LAN. The problem is that the local boxes see my Internet addy as the source and not the client's internet addy. Traffic is still getting routed correctly, but my SQL logs all show access from _myIP_ and not the real IP.

i.e. My internet IP range = 1.1.1.1 : 1.1.1.200
gateway = 1.1.1.1
www mapped to: 1.1.1.3
mysql = 1.1.1.4
ftp = 1.1.1.5
...etc.

When a client hits our web-server or sql box the logs on these boxes show "connection from 1.1.1.3" (which is the mapping from pf.conf for that 'service').
I want it to show: "connection from 123.54.22.244" or the client's actual IP.

I have been mucking around with the pf.conf rules changing rdr-to into nat-to (and others...) but nothing 'fixes' it.

History: We have an old OpenBSD 4.8 box that is currently running as our firewall/gateway. It does this behaviour as desired. I only see this issue on a new OBSDv5.3 that we are trying to migrate to.

Help... please!