Marko Cupać (marko.cu...@mimar.rs) on 2014.05.30 11:32:14 +0200:
> Hi,
>
> let's say for example I have web server on internal network, and I have
> redirected tcp port 80 from firewall to it:
>
> pass in on $ext_if inet proto tcp from any to $pub_web port 80 \
>       rdr-to $priv_web

From the wording of your subject, I suspect you somehow think that rdr-to has something to do with "icmp redirects", icmp messages with type 5. This is not so.

> Assuming that $pub_web ip address is used exclusively for web server
> access, and no other ports are redirected to other internal addresses,
> should I also redirect icmp:
>
> pass in on $ext_if inet proto icmp from any to $pub_web rdr-to $priv_web

No.