On Wed, May 02, 2012 at 03:26:20PM -0300, Leonardo M. Rami wrote:
> Hi, I've posted this to ServerFault.com, and I got an answer, but the
> solution works only in part.
> 
> This is my /etc/pf.conf
> 
> set skip on lo
> pass in log on em0 proto tcp from any to any port 104 rdr-to 192.65.214.131
> pass out on vic0 from em0:network to any nat-to vic0    
> 
> I have two nics:
> 
> vic0 192.65.214.136
> em0 192.168.200.3
> 
> What I want to do is to forward all packets coming into 192.168.200.3
> port 104 to 192.65.214.131 port 104.
> 
> The above configuration works perfectly if the sender interface is in
> the network 192.168.200.x, but I also must allow packets coming from
> other networks, like 192.168.7.x, for example.
> 
> How can I enable them?
> 

With these redir rules redirection should just work but only in the case
where the reverse traffic is also hitting the FW. If that is not the case
I normally tag the inbound traffic and use a tagged foobar nat-to ($out_if)
statement to not only redir but also nat the traffic. With that I can
ensure that the return traffic is flowing through the FW.

-- 
:wq Claudio
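
The tag-then-NAT approach described in the reply, written out as an added example (not part of either message). The macro names and the tag name RDR104 are assumptions; the interfaces and addresses are the ones from the original post.

```conf
# Added example: macro names and the tag RDR104 are hypothetical.
int_if  = "em0"               # 192.168.200.3
out_if  = "vic0"              # 192.65.214.136
rdr_dst = "192.65.214.131"

set skip on lo

# Inbound: redirect port 104 and tag the connection, whatever network
# the client is in. ($int_if) limits the match to the firewall's own
# em0 address instead of "to any" as in the original rule.
pass in log on $int_if proto tcp from any to ($int_if) port 104 \
        tag RDR104 rdr-to $rdr_dst

# General outbound NAT from the original ruleset. It only covers sources
# in em0:network, so a redirected packet from 192.168.7.x leaves with its
# original source and the server may route the reply around the firewall.
pass out on $out_if from $int_if:network to any nat-to ($out_if)

# Outbound: NAT every connection that carries the tag, regardless of
# source. The server sees the firewall's vic0 address and replies to it,
# so the return traffic passes back through the existing state.
pass out on $out_if proto tcp to $rdr_dst port 104 \
        tagged RDR104 nat-to ($out_if)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -ss` lists the states once traffic is flowing.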
