21st June 2019
junk

Hi jggimi,

The example from that section, that's what I've been basing mine on. You say the issue has to do with the redirection; do you mean the rdr-to rule should be excluded?

Code:
pass in on 192.168.0.1 inet proto tcp from 192.168.0.3 to 192.168.1.2 port 80 nat-to 192.168.1.1
Code:
test# tcpdump -n -i re0 port 80
tcpdump: listening on re0, link-type EN10MB
16:00:56.201078 192.168.0.3.39157 > 192.168.1.2.80: S 1831632233:1831632233(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 396746662 0> (DF)
16:00:56.461130 192.168.0.3.40049 > 192.168.1.2.80: S 2135530915:2135530915(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1695820090 0> (DF)
Code:
test# tcpdump -n -i re1 port 80
tcpdump: listening on re1, link-type EN10MB
16:00:56.201134 192.168.1.1.64573 > 192.168.1.2.80: S 1831632233:1831632233(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 396746662 0>
16:00:56.201721 192.168.1.2.80 > 192.168.1.1.64573: S 3651808616:3651808616(0) ack 1831632234 win 5792 <mss 1460,sackOK,timestamp 6019177 396746662,nop,wscale 7> (DF)
16:00:56.201782 192.168.1.1.64573 > 192.168.1.2.80: R 1831632234:1831632234(0) win 0 (DF)
16:00:56.461183 192.168.1.1.63859 > 192.168.1.2.80: S 2135530915:2135530915(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1695820090 0>
16:00:56.461661 192.168.1.2.80 > 192.168.1.1.63859: S 3653687898:3653687898(0) ack 2135530916 win 5792 <mss 1460,sackOK,timestamp 6019229 1695820090,nop,wscale 7> (DF)
16:00:56.461717 192.168.1.1.63859 > 192.168.1.2.80: R 2135530916:2135530916(0) win 0 (DF)
The source address is now translated but the reply from the server doesn't reach the client.

Last edited by junk; 21st June 2019 at 09:30 PM.
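The following is an added example, not part of the original post: a small Python script that pairs each SYN seen on re0 with its translated counterpart on re1 and reports what followed on the server side. It relies on the initial sequence number being identical on both interfaces, as it is in this capture; the names `parse` and `correlate` are hypothetical.

```python
import re

# Capture lines copied verbatim from the post: re0 is the client side, re1 the server side.
RE0 = """\
16:00:56.201078 192.168.0.3.39157 > 192.168.1.2.80: S 1831632233:1831632233(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 396746662 0> (DF)
16:00:56.461130 192.168.0.3.40049 > 192.168.1.2.80: S 2135530915:2135530915(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1695820090 0> (DF)
"""
RE1 = """\
16:00:56.201134 192.168.1.1.64573 > 192.168.1.2.80: S 1831632233:1831632233(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 396746662 0>
16:00:56.201721 192.168.1.2.80 > 192.168.1.1.64573: S 3651808616:3651808616(0) ack 1831632234 win 5792 <mss 1460,sackOK,timestamp 6019177 396746662,nop,wscale 7> (DF)
16:00:56.201782 192.168.1.1.64573 > 192.168.1.2.80: R 1831632234:1831632234(0) win 0 (DF)
16:00:56.461183 192.168.1.1.63859 > 192.168.1.2.80: S 2135530915:2135530915(0) win 16384 <mss 1440,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 1695820090 0>
16:00:56.461661 192.168.1.2.80 > 192.168.1.1.63859: S 3653687898:3653687898(0) ack 2135530916 win 5792 <mss 1460,sackOK,timestamp 6019229 1695820090,nop,wscale 7> (DF)
16:00:56.461717 192.168.1.1.63859 > 192.168.1.2.80: R 2135530916:2135530916(0) win 0 (DF)
"""
LINE = re.compile(r"^\S+ (\S+) > (\S+): ([SFRP.]+) (\d+):\d+\(\d+\)(?: ack (\d+))?")

def parse(text):
    """Return (src, dst, flags, seq, ack) for every TCP line tcpdump printed."""
    pkts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            src, dst, flags, seq, ack = m.groups()
            pkts.append((src, dst, flags, int(seq), int(ack) if ack else None))
    return pkts

def correlate(pre_nat, post_nat):
    """Pair each pre-NAT SYN with the post-NAT SYN carrying the same ISN."""
    out = []
    for src, dst, flags, seq, ack in pre_nat:
        if flags != "S" or ack is not None:
            continue  # only bare SYNs open a flow
        nat = next((p for p in post_nat if p[2] == "S" and p[4] is None and p[3] == seq), None)
        if nat is None:
            out.append((src, None, "not seen after translation"))
            continue
        nsrc, ndst = nat[0], nat[1]
        want_ack = (seq + 1) & 0xFFFFFFFF  # SYN-ACK acknowledges ISN+1 (mod 2^32)
        synack = any(p[:3] == (ndst, nsrc, "S") and p[4] == want_ack for p in post_nat)
        reset = any(p[:2] == (nsrc, ndst) and "R" in p[2] for p in post_nat)
        state = ("SYN-ACK received, then RST from translated source" if synack and reset
                 else "SYN-ACK received" if synack else "no SYN-ACK")
        out.append((src, nsrc, state))
    return out

if __name__ == "__main__":
    for row in correlate(parse(RE0), parse(RE1)):
        print(row)
```
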