The Gateway (or NAT server) is built on OpenBSD 6.4.
Here is my network:
Fixed IPs for both Internal (IP: 10.100.128.254) and External (IP: public IP address for the Internal webserver)
IP for the Internal webserver behind the Gateway: 10.100.128.1
All Internal clients are 10.100.128.0/22
Here is the configuration:
Content of /etc/pf.conf:
Code:
INT_IF="em1"
BLMCSS="10.100.128.0/22"
set block-policy drop
set loginterface egress
set skip on lo
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from $INT_IF:network to any nat-to (egress:0)
antispoof quick for { egress $INT_IF }
block in quick on egress from $BLMCSS to any
block return out quick on egress from any to $BLMCSS
block all
pass out quick inet
pass in on $INT_IF proto udp from $BLMCSS to any port { domain ntp }
pass in on $INT_IF proto tcp from $BLMCSS to any
pass in on egress inet proto tcp from any to (egress) port { 80 443 } rdr-to 10.100.128.1
All the Internal clients can go to the Internet ==> NAT works fine
Clients from OUTSIDE can reach the Internal webserver ==> port-redirection (last line in the pf.conf) works fine
Clients from INSIDE CANNOT reach the webserver (tried both public IP and Internal IP) ==> anything missing? Please HELP
Thanks
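Added example (an editor's illustration, not the poster's file and not an answer from the thread): the usual way to let hosts on the inside reach a service through the firewall's public address is NAT reflection, the technique described in the OpenBSD PF FAQ. The ruleset below reuses the macros and addresses from the post (INT_IF, BLMCSS, the webserver at 10.100.128.1, ports 80 and 443; WEB and WEB_PORTS are names assumed here) and adds two translation rules: a rdr-to for connections arriving on $INT_IF toward the public address, and a nat-to on the way back out $INT_IF so the webserver's replies return through pf rather than straight to the client. Both are written as match rules placed before "pass out quick inet", because a quick rule ends evaluation and a translation rule listed after it would never be applied. Two caveats a practitioner should keep in mind: clients in 10.100.128.0/22 that connect directly to 10.100.128.1 are on the same subnet and never pass through the gateway, so no pf rule can affect that path; and with reflection the webserver sees every internal connection as coming from the gateway's own internal address, which hides the real client from its logs.

```pf
# Added example of NAT reflection for a service redirected on egress (OpenBSD pf).
# Reuses the macros and addresses from the post; WEB and WEB_PORTS are assumed names.
INT_IF="em1"
BLMCSS="10.100.128.0/22"
WEB="10.100.128.1"          # the internal webserver from the post
WEB_PORTS="{ 80 443 }"

set block-policy drop
set loginterface egress
set skip on lo

match in all scrub (no-df random-id max-mss 1440)

# Outbound NAT for the internal network (as in the post).
match out on egress inet from $INT_IF:network to any nat-to (egress:0)

# Reflection, step 1: an inside client connecting to the public address on
# the web ports is redirected to the webserver, just like an outside client.
match in on $INT_IF inet proto tcp from $BLMCSS to (egress) port $WEB_PORTS rdr-to $WEB

# Reflection, step 2: for that redirected traffic leaving on $INT_IF, rewrite
# the source to the gateway's internal address. The webserver then answers the
# gateway, pf reverses both translations, and the client receives replies from
# the public address it connected to. "received-on $INT_IF" restricts this to
# packets that entered on the internal interface, so redirected connections
# from the outside are left alone. This must precede "pass out quick inet".
match out on $INT_IF inet proto tcp from $BLMCSS to $WEB port $WEB_PORTS received-on $INT_IF nat-to ($INT_IF)

antispoof quick for { egress $INT_IF }
block in quick on egress from $BLMCSS to any
block return out quick on egress from any to $BLMCSS

block all
pass out quick inet
pass in on $INT_IF proto udp from $BLMCSS to any port { domain ntp }
pass in on $INT_IF proto tcp from $BLMCSS to any
pass in on egress inet proto tcp from any to (egress) port $WEB_PORTS rdr-to $WEB
```

Check the file with "pfctl -nf /etc/pf.conf" before loading it, and verify the result with "pfctl -ss" while an inside client connects to the public address: the expected picture is one state whose destination has been rewritten to 10.100.128.1 and a second state on em1 whose source has been rewritten to the gateway's internal address. If the answer for inside clients is split DNS instead (serving 10.100.128.1 for the public hostname internally), these two rules are unnecessary and the webserver keeps seeing real client addresses.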