Old 3rd January 2009
robbak
Real Name: Robert Backhaus

So you want any traffic trying to leave your external interface to be redirected to your server on its address? That is what that rule says - find any packet on ext_if with the from address set to ext_if's address and change its to address to I think that will fail spectacularly, as the packets will hit the public network with a non-routable address, and be summarily dropped by your ISP's gateway.

Try this: If you want a computer on the DMZ network (, say) to handle http: traffic, then this rule accomplishes that:
rdr on $ext_if proto tcp from any to ($ext_if) port http ->
A similar rule will be required for each service you want to expose in the DMZ. (This is not really a DMZ, as to properly set one up, you need multiple routable IP addresses to assign to your servers.)
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

Last edited by robbak; 3rd January 2009 at 01:09 AM.
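
The "one rdr rule per service" approach described in the post above, as an added pf.conf example that is not part of the original post. It uses the same older pf syntax as the post (separate rdr rules, where filter rules see the already-translated destination); the interface name, the server macros and all addresses are constructed placeholders.

```conf
# Added example (not from the original post). Older pf syntax, as used in the
# post: translation rules are separate from filter rules.
# Interface name and addresses below are constructed placeholders.
ext_if   = "em0"             # assumed external interface
web_srv  = "192.168.2.10"    # assumed web server on the "DMZ" network
mail_srv = "192.168.2.20"    # assumed mail server on the "DMZ" network

# Translation: one rdr rule per exposed service. ($ext_if) in parentheses
# makes pf follow the interface's current address if it changes (e.g. DHCP).
rdr on $ext_if proto tcp from any to ($ext_if) port http  -> $web_srv
rdr on $ext_if proto tcp from any to ($ext_if) port https -> $web_srv
rdr on $ext_if proto tcp from any to ($ext_if) port smtp  -> $mail_srv

# Filtering: rdr is applied before the filter rules are evaluated, so the
# pass rules must match the translated (internal) destination address.
block in on $ext_if all
pass in on $ext_if proto tcp from any to $web_srv  port { http, https } flags S/SA keep state
pass in on $ext_if proto tcp from any to $mail_srv port smtp            flags S/SA keep state
```

After loading the ruleset, `pfctl -s nat` lists the active rdr rules and `pfctl -s rules` lists the filter rules, which makes it easy to confirm that only the intended ports are exposed.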