I think this is why I chose binat, so it works bilateral... serves the same function, doesn't it?
On Mon, Sep 21, 2009 at 1:34 PM, James Records <[email protected]> wrote:

> I think you are probably missing a route back to your source through the
> middle box. You might want to look at relayd to "relay" the connection to
> the other box, I believe that would get you what you want.
>
> J
>
> On Mon, Sep 21, 2009 at 10:50 AM, Matthew Young <[email protected]> wrote:
>
>> Hello,
>>
>> I am trying to set up a PF box with ONE interface on a public IP to be able
>> to redirect all packets that come to one of its IPs to another IP. The
>> objective is to cloak the IP of the final destination. Please note that
>> there is a public IP on both sides.
>>
>> 1.1.1.1 (me) ---> 2.2.2.2 (PF box with binat) --> 3.3.3.3
>>
>> So, if I want to SSH in 3.3.3.3 for example I could just ssh into 2.2.2.2.
>>
>> Here is my pf.conf:
>>
>> # cat >> /etc/pf.conf
>> t_externa = "re0"
>>
>> web_serv_int = "1.1.1.1"
>> web_serv_ext = "3.3.3.3"
>>
>> binat on $t_externa from $web_serv_int to any -> $web_serv_ext
>>
>> I have also tried to add 1.1.1.1 as an IP alias in the PF box ... but that
>> just makes all my communications hang if I try to SSH to 2.2.2.2 from
>> 1.1.1.1.
>>
>> Is there something I am missing? I think this would be possible, right?
>>
>> --Matt
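
An added example, not part of the thread and not any poster's configuration: one way to express the forwarding asked about in the original question on a single interface, pairing an `rdr` rule with a `nat` rule so that replies from 3.3.3.3 come back through 2.2.2.2 (the return-path point raised in the first reply). It assumes the pre-4.7 PF rule syntax used in the thread's pf.conf, IP forwarding enabled on the box, and SSH (TCP port 22) as the forwarded service; the macro names `pf_addr`, `dest_addr` and `client` are hypothetical.

```conf
# Added example (not from the thread). Assumes pre-4.7 PF syntax and
# IP forwarding enabled on the box (sysctl net.inet.ip.forwarding=1).
t_externa = "re0"
client    = "1.1.1.1"   # the only source allowed to use the relay
pf_addr   = "2.2.2.2"   # address the client connects to (the PF box)
dest_addr = "3.3.3.3"   # final destination

# The thread's rule is a one-to-one mapping between 1.1.1.1 and 3.3.3.3,
# so it never matches a packet addressed to 2.2.2.2:
#   binat on $t_externa from $web_serv_int to any -> $web_serv_ext

# Outbound leg: rewrite the source to the PF box, so 3.3.3.3 answers
# 2.2.2.2 instead of replying directly to the client.
nat on $t_externa proto tcp from $client to $dest_addr port 22 -> $pf_addr

# Inbound leg: rewrite the destination from the PF box to 3.3.3.3.
# Port 22 on 2.2.2.2 no longer reaches the PF box's own sshd.
rdr on $t_externa proto tcp from $client to $pf_addr port 22 -> $dest_addr

# Filter rules see the translated addresses. Restricting the source keeps
# the box from relaying for arbitrary hosts.
block in on $t_externa proto tcp from any to $dest_addr port 22
pass in  on $t_externa proto tcp from $client to $dest_addr port 22 keep state
pass out on $t_externa proto tcp from any to $dest_addr port 22 keep state
```

With the `nat` rule in place, logs on 3.3.3.3 show 2.2.2.2 as the source of every forwarded connection, so per-client attribution has to come from the PF box's own state or pflog records.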

