I've been having quite a few issues trying to set this up. Basically I have an OpenBSD box that filters all inbound/outbound traffic for seven class C's. I'm implementing ASSP for spam filtering, since the previous admin where I work thought it would be a great idea to have all 2000+ IPs listen on port 25 for SMTP connections. We receive 400-800 simultaneous SMTP connections per second. I would like to tunnel these to a dual quad-core 8 GB box I have set up for filtering; however, I can't seem to get reverse traffic working. I have no clue if this is even possible, but any information would help.
INTERNET -> DMZ -> OBSD -> xxx.xxx.1-7.xxx
Ideally I would like all connections on 25/587 to redirect to xxx.xxx.3.1,
so SMTP -> ANY -> xxx.xxx.3.1
Code:
# the seven /24s routed through this box ($ext_if is defined elsewhere in pf.conf)
table <colo> const { xxx.xxx.1/24, xxx.xxx.2/24, xxx.xxx.3/24, xxx.xxx.4/24, xxx.xxx.5/24, xxx.xxx.6/24, xxx.xxx.7/24 }
# source-NAT traffic leaving the colo nets to the external interface's address
nat on $ext_if from <colo> -> ($ext_if)
# redirect inbound SMTP for any colo address to the filtering box on port 26
rdr on $ext_if proto tcp from any to <colo> port 25 -> xxx.xxx.3.1 port 26
When I set it up this way the reverse route doesn't seem to complete.
pfctl -s state gives the following:
all tcp xxx.xxx.3.1:26 <- xxx.xxx.1.1:25 <- HOMEIP:61516 CLOSED:SYN_SENT
all tcp HOMEIP:61516 -> xxx.xxx.3.1:26 SYN_SENT:CLOSED
I'm guessing I need a route-to for each of the subnets/gateways?
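Added example, not part of the original post: the 25/587 redirect described above written out in the same pre-4.7 nat/rdr syntax the post uses, together with the pass rules a redirect needs. rdr only rewrites the destination; the rewritten packet must still be allowed by the filter rules, and the state those rules create is what carries the replies back. The interface names em0/em1 and the assumption that the filtering box listens on port 26 are mine; the xxx.xxx.* addresses are kept as the post's placeholders.

```conf
# Added example, not the original poster's config.
# em0/em1 are assumed interface names; xxx.xxx.* placeholders are from the post.
ext_if = "em0"              # toward the DMZ / Internet
int_if = "em1"              # toward the colo /24s
assp   = "xxx.xxx.3.1"      # filtering box, assumed to listen on port 26

table <colo> const { xxx.xxx.1/24, xxx.xxx.2/24, xxx.xxx.3/24, xxx.xxx.4/24, xxx.xxx.5/24, xxx.xxx.6/24, xxx.xxx.7/24 }

# Outbound source NAT, as in the post.
nat on $ext_if from <colo> to any -> ($ext_if)

# Redirect SMTP and submission for every colo address to the filter.
# pfctl expands the port list into one rdr rule per port.
rdr on $ext_if proto tcp from any to <colo> port { 25, 587 } -> $assp port 26

# Filter rules evaluate the packet after translation, so they must match the
# rewritten destination. keep state on the inbound rule handles the replies.
pass in  on $ext_if proto tcp from any to $assp port 26 flags S/SA keep state
pass out on $int_if proto tcp from any to $assp port 26 keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; `pfctl -s nat` then shows the expanded rdr rules, one per port, and `pfctl -s state` should show the translated entries pairing the client with $assp:26.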