Seems like you want a dup-to rule.
On Thu, 7 Apr 2011 10:36:16 +0200 rancor <theran...@gmail.com> wrote:

> Hi.
>
> I need help with a problem of mine.
>
> I want to reflect all IP from a client to a server via another machine
> called mirror. client and server can't access each other and there is
> nothing I can do about that. However, the mirror can access both
> client and server so I want all traffic from client to mirror be
> reflected to server and all responses from the server should be
> reflected back to the client via the mirror.
>
> Once upon a time this worked but since the PF has changed in the latest
> version this no longer works in 4.8
>
> ext_if= "{ vic0 }"
> client= "{ 10.10.15.30 }"
> mirror= "{ 10.40.20.5 }"
> server= "{ 10.50.43.7 }"
>
> rdr on $ext_if from $client to $mirror -> $server
> nat on $ext_if from $client to $server -> $mirror
>
> block in log
> pass out keep state
>
> pass quick on lo0
> pass in quick inet from $client to self keep state
> pass in quick inet from $server to self keep state
> pass in quick inet from $server to $client keep state
> pass in quick inet from $client to $server keep state
>
>
> I have read the man page of pf.conf and
> http://www.openbsd.org/faq/pf/rdr.html#rdrnat and I have tried many
> combinations but I can't make it work.
>
> This is one example of many that I have tried with no success.
>
> The syntax is OK but there is no redirection from the mirror server to
> the target
>
> ext_if= "{ vic0 }"
> client= "{ 10.10.15.30 }"
> mirror= "{ 10.40.20.5 }"
> server= "{ 10.50.43.7 }"
>
> pass in from $client to $mirror rdr-to $server
> pass out from $client to $server nat-to $mirror
>
> # Rules
> block in log
> pass out keep state
>
> pass quick on lo0
> pass in quick inet from $client to self keep state
> pass in quick inet from $server to self keep state
> pass in quick inet from $server to $client keep state
> pass in quick inet from $client to $server keep state
>
> Best Regards
> rancor
>

--
With best regards,
Gregory Edigarov