In article <[email protected]>,
Ryan Brackenbury <[email protected]> wrote:
>I recently got NetBSD + NPF running on a raspberrypi, and am now using it as
>my gateway router (purchased a 2nd USB ethernet stick as internal nic).
>Behind this router, I run a few servers and also have a 2nd router for my
>home PCs - so it operates like a perimeter network.
>
>When I am hitting my global IP from the outside, NPF forwards my packets
>correctly to my server, and I'm able to view my website. When trying to
>access from one of my home PCs though, I get a connection timeout/refused.
>
>In Linux when I'm usually setting up a router, I am able to configure
>iptables to do nat-hairpinning to any services running in the perimeter
>network. I don't want to resort to split-zone DNS or other methods, so does
>anyone know of a way to coerce NPF into doing nat hairpinning?
>
>For reference, PF seems to be able to do this (they call it "rdr-to and
>nat-to combo"), but I don't know how to construct an equivalent NPF rule:
>http://www.openbsd.org/faq/pf/rdr.html

ext_if= your external interface
internalwww= the ip address of the internal web server
map $ext_if dynamic $internalwww port 80 <- inet4($ext_if) port 80

christos
