5th March 2010
jggimi

The section of the PF FAQ on Redirection and Reflection says (highlight mine):
Quote:
...redirection rules apply only to packets that pass through the specified interface....Connecting to the external address...does not mean the packets will actually pass through its external interface. The TCP/IP stack on the firewall compares the destination address of incoming packets with its own addresses and aliases and detects connections to itself as soon as they have passed the internal interface. Such packets do not physically pass through the external interface, and the stack does not simulate such a passage in any way. Thus, PF never sees these packets on the external interface, and the redirection rule, specifying the external interface, does not apply.
What I would do, if I were you: use the loopback interface. If that alone does not solve the problem, then enable packet forwarding, and see if it makes a difference.

If both of those things do not help, then your next step is to trace your rules with tcpdump(8) and pflog(4), as described in the PF FAQ's chapter on logging.