#4
Old 12th September 2008
s2scott
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198

Code:
#
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> <server_ip> port 80
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> <server_ip> port 25
#
pass in on $ext_if proto tcp from any to ($ext_if) port 80 synproxy state  # <- this rule, as written, will NEVER be true because the rdr re-write has occurred.
pass in on $ext_if proto tcp from any to ($ext_if) port 25
#
The rdr action occurs first and changes the packet's dest to <server_ip> from ($ext_if); therefore, the working rdr-pass pair is as follows:

Code:
#
rdr on $ext_if inet proto tcp \
 from any to ($ext_if) port 80 -> <server_ip> port 80
#
pass in on $ext_if inet proto tcp \
 from any to <server_ip> port 80 synproxy state
#
And, imo, I prefer using tag/tagged and letting pf keep track of the ip-addr-in-motion...

Code:
#
rdr on $ext_if inet proto tcp \
 from any to ($ext_if) port 80 tag OKHTTP -> <server_ip> port 80
#
pass in on $ext_if inet proto tcp \
 tagged OKHTTP synproxy state
#
pass out on $LNETTR_if inet proto tcp \
 tagged OKHTTP keep state
#
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 12th September 2008 at 03:21 AM.
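The mistake the post describes (a pass rule written against the pre-rdr address, so it can never match) is easy to reintroduce when a ruleset grows. Below is a small checker, added here as an example and not code from the post or from pf itself, that scans a pf.conf fragment for "pass in" rules whose destination/port is rewritten by an earlier rdr on the same interface and that do not use tagged; the sample ruleset and the OKSMTP tag are constructed for the demonstration.

```python
import re

# Constructed sample ruleset: rule 3 repeats the post's mistake (matches on
# ($ext_if) after the rdr has already rewritten it); rules 4 and 5 are the two
# working forms from the post (post-rdr address, and tag/tagged).
SAMPLE_RULES = """\
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> <server_ip> port 80
rdr on $ext_if inet proto tcp from any to ($ext_if) port 25 tag OKSMTP -> <server_ip> port 25
pass in on $ext_if inet proto tcp from any to ($ext_if) port 80 synproxy state
pass in on $ext_if inet proto tcp from any to <server_ip> port 25
pass in on $ext_if inet proto tcp tagged OKSMTP synproxy state
"""

# Capture (interface, pre-translation destination, port) from an rdr rule;
# an optional "tag NAME" may sit between the port and the "->".
RDR_RE = re.compile(
    r"^rdr\s+on\s+(\S+)\s+.*?\bto\s+(\S+)\s+port\s+(\S+)\s+(?:tag\s+\S+\s+)?->")
# Capture the same triple from a "pass in" rule that filters on a destination port.
PASS_RE = re.compile(r"^pass\s+in\s+on\s+(\S+)\s+.*?\bto\s+(\S+)\s+port\s+(\S+)")


def find_dead_pass_rules(conf: str) -> list[int]:
    """Return 1-based line numbers of 'pass in' rules that can never match
    because an earlier rdr on the same interface rewrites that dst/port first.
    Rules using 'tagged' are skipped: pf carries the tag through the rdr."""
    rewritten = set()   # (interface, pre-rdr destination, port) triples
    dead = []
    for lineno, raw in enumerate(conf.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = RDR_RE.match(line)
        if m:
            rewritten.add(m.groups())
            continue
        if line.startswith("pass in") and " tagged " in line:
            continue
        m = PASS_RE.match(line)
        if m and m.groups() in rewritten:
            dead.append(lineno)
    return dead


if __name__ == "__main__":
    for n in find_dead_pass_rules(SAMPLE_RULES):
        print(f"line {n}: pass rule matches the pre-rdr destination and will never be hit")
```

Only rules filtering on an explicit destination port are examined; rules without a port, or on other interfaces, are left alone.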