-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Op 27-9-2017 om 11:20 schreef Markus Rosjat: > Hi there, > > I have a small problem getting a wordpress instance, that works with ips in the url, to work from the internal net. > > So here ist the setup > > a webserver for some application behind a Openbsd Firewall (webbserver is openBSD 6.0) I have a static ip for my external nic and the wordpress instance uses the external ip in the site url. Additionally I have to use a diffrent port then https because there is a proxy server listining for some other application. > > While reaching the site from the outsite world is no problem because its simple redirect to the webserver and the wordpress instance has the url saved it becomes kinda tricky to reach the wordpress instance from the inside. in the internal net the webserver is listens on port 80 and 443 so I can reach it from the inside but then the wordpress instance is rewiriting the url to a port that isnt 443 becuase from the outsideworld it expects a diffrent port. > > So question now is, is it possible to route the way from inside to the outside and back without inventing the wheel new or is it simpler just to let the webserver listen to the diffrent port too? > > I hope it makes sense to someone to give me a push in the right direction > > regards > Hi,
I think you are looking for something along the lines like: match in on $vlan1 proto tcp from any to $realoutside port 443 rdr-to $misp port 443 vlan1 is an inside network, and misp is an internal machine (was reachable from the outside and needed to be reachable on the inside as well). Am I correct? Regards, Erik -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJZy814AAoJEAeixT/cUIgnicQP/0+bYFH04K3ZagwfTi22NjMN 0txdUlLJCIJtRVaeLFJ4u7MDCKC9CzJO6s7NIwBmwKmaE40fL+itWAJH/qQ1DRQ3 uyG8AlccGLS+KnjNze7zR3rDPMsJFrgtOKVAU0YRNYEFxS0ShYBzme8ZydAwxq7M Br/RxTHEA1kV0kfYk7z1JffdjYkGPpZG9/ocwdVKiwKBOf0LAz8OrlAwEhDcjd/B jWs/T6GkFNDUo1qS1kmRpwXGIHCGjNdz9k1y3kaZ0lz2htt5ITfya1+d09kFNtaB N/OIOwj2mLF6WnJrQ/RDmqEDzIX74XUROH7a1hKJpIhDU8yVRgva/czR5CCkOz+m xwEKESeXhhccOF1aCmY/K3btK0LuBxQqxg48T0XiWeSFyK0V4+nMy4Ddohfuvoll xyYt225XIWB+9hgNOTuChtuy7hKltj8Lv3dyTrNxkRRd/VFF2d0hm/e4FB3NLdFJ 9SwfeOp/NJ33vc3Z0ohx8589sWfL47IleEQWxEBebVE8uQQI/d+bygDa/HhUaB+W P1jzETwHeis/SrIp7wShWC600lCsoNLWvcMHrR0Yu2oCNJsUsbwYvs7SmBIvYBty F6GVpP4Y62hwbHWIL/nALdJSUF6r0GDsn+Gd1DLxQ6ZzP++bBScq93zdW0VXsIxo 3/vQdsjNd6uhh7JwhiXW =XXdi -----END PGP SIGNATURE-----