On 2012-05-02 23:27:44 +0200, Claudio Jeker wrote:
> On Wed, May 02, 2012 at 03:26:20PM -0300, Leonardo M. Ramé wrote:
> > Hi, I've posted this to ServerFault.com, and I got an answer, but the
> > solution works only in part.
> >
> > This is my /etc/pf.conf
> >
> > set skip on lo
> > pass in log on em0 proto tcp from any to any port 104 rdr-to 192.65.214.131
> > pass out on vic0 from em0:network to any nat-to vic0
> >
> > I have two nics:
> >
> > vic0 192.65.214.136
> > em0 192.168.200.3
> >
> > What I want to do is to forward all packets coming into 192.168.200.3
> > port 104 to 192.65.214.131 port 104.
> >
> > The above configuration works perfectly if the sender interface is in
> > the network 192.168.200.x, but I also must allow packets coming from
> > other networks, like 192.168.7.x, for example.
> >
> > How can I enable them?
> >
>
> With these redir rules redirection should just work but only in the case
> where the reverse traffic is also hitting the FW. If that is not the case
> I normally tag the inbound traffic and use a tagged foobar nat-to ($out_if)
> statement to not only redir but also nat the traffic. With that I can
> ensure that the return traffic is flowing through the FW.
>

Thanks Claudio, could you give an example?

Regards,
-- 
Leonardo M. Ramé
Medical IT - Griensu S.A.
Av. Colón 636 - Piso 8 Of. A
X5000EPT -- Córdoba
Tel.: +54(351)4246924 +54(351)4247788 +54(351)4247979 int. 19
Cel.: +54(351)156629292
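
The tag-then-NAT approach described in the quoted reply, written out as a pf.conf sketch. This is an added example, not part of the thread and not either poster's configuration. Interfaces and addresses are the ones quoted above; the tag name DICOM_RDR, the <dicom_clients> table and the /24 prefix lengths are assumptions.

```pf
# Added example (not from the thread). Tag name, table name and the /24
# masks are assumptions; interfaces and addresses come from the quoted mail.

ext_if    = "vic0"             # 192.65.214.136, faces the target server
int_if    = "em0"              # 192.168.200.3, where clients connect
dicom_srv = "192.65.214.131"

# Assumed allow-list built from the two client networks named in the
# question, instead of accepting port 104 "from any".
table <dicom_clients> const { 192.168.200.0/24, 192.168.7.0/24 }

set skip on lo

# Inbound: redirect port 104 to the server and tag the connection.
# "log" records the real client address in pflog, which matters because
# the server will only ever see the firewall's address after the NAT below.
pass in log on $int_if proto tcp from <dicom_clients> to ($int_if) port 104 \
    rdr-to $dicom_srv port 104 tag DICOM_RDR

# Outbound: every tagged connection is source-translated to the firewall's
# own address, whatever network it came from, so the server's replies go
# back to the firewall and the state entry can reverse both translations.
pass out on $ext_if proto tcp tagged DICOM_RDR nat-to ($ext_if)

# Unchanged from the question: ordinary outbound NAT for the local network.
pass out on $ext_if from $int_if:network to any nat-to ($ext_if)
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which is a safe way to check the syntax before applying the ruleset.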

