> tcpdump on interface pflog0 will only show packets blocked by pf with
> block rules that have the 'log' option, so it's expected that you don't
> see anything there.

My apologies... this clearly shows my ignorance about packet filtering.
> 3) Make sure the internal web server uses the pf machine as default
> gateway, so that all packets it sends actually go through pf (otherwise
> the setup can't possibly work). Is there another route to the Internet
> besides the pf box?

All your suggestions worked up until the point above. I had changed the
default gateway on my Linux web server to the OpenBSD box, but only did a
"soft" network restart. For some reason, the change didn't get recognized,
and that's what was puzzling me this whole time. This time, I did a hard
reboot; the gateway was changed and the rdr rules worked! Thanks for your
help, Daniel.

> 5) Then connect to 142.179.111.111 port 80 from the outside. The
> redirection won't work from local machines, you have to connect from the
> outside, so that the connection actually arrives at the firewall
> _through_ xl0. This is confirmed by 1) as well.

One question about the above point. Is it possible to set up the
configuration in a way that redirection WILL work from local machines
(within the private LAN)?

Ben
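An added pf.conf fragment, not the configuration from either mail in this thread, that puts the points above together: block rules with 'log' so that tcpdump on pflog0 actually shows drops, the rdr on xl0 for the public address 142.179.111.111 quoted above, and, for Ben's closing question, the usual "reflection" workaround of a second rdr on the internal interface paired with a nat rule so that the web server's replies come back through the firewall. Only xl0 and 142.179.111.111 come from the thread; the internal interface name, the LAN subnet and the web server address are assumptions, and the syntax is the older nat/rdr form used in the rules discussed here.

```pf
# Added example, not the thread's own pf.conf. Interface xl1, the LAN
# subnet and the web server address are assumptions; only xl0 and
# 142.179.111.111 appear in the mail above.
ext_if    = "xl0"
int_if    = "xl1"                # assumed internal interface
ext_addr  = "142.179.111.111"
int_net   = "192.168.1.0/24"     # assumed private LAN
webserver = "192.168.1.10"       # assumed Linux web server; its default
                                 # gateway must be this box (point 3 above)

# Translation rules (nat/rdr) must precede the filter rules.

# Reflection, part 2: when a LAN client talks to the public address, the
# redirected packet leaves on $int_if; rewrite its source to the firewall's
# internal address so the web server answers the firewall, not the client
# directly (a direct reply would never match the state and the TCP
# handshake would fail).
nat on $int_if proto tcp from $int_net to $webserver port 80 -> $int_if

# Inbound web traffic arriving on the external interface (point 5 above).
rdr on $ext_if proto tcp from any to $ext_addr port 80 -> $webserver port 80

# Reflection, part 1: rewrite the destination for LAN clients as well.
rdr on $int_if proto tcp from $int_net to $ext_addr port 80 -> $webserver port 80

# 'log' is what makes dropped packets show up on pflog0.
block in  log all
block out log all

# Filter rules see the *translated* destination, hence $webserver here.
pass in on $ext_if proto tcp from any      to $webserver port 80 flags S/SA keep state
pass in on $int_if proto tcp from $int_net to $webserver port 80 flags S/SA keep state
pass out keep state
```

Load it with `pfctl -f /etc/pf.conf` and watch `tcpdump -n -e -ttt -i pflog0` while connecting from a LAN host to 142.179.111.111: with the two extra rules a LAN client gets the redirected server, at the cost that the web server logs the firewall's internal address as the client's source. If that loss of the real client address matters, the alternative is to leave the rules as in point 5 and have the internal DNS hand LAN clients the private address of the web server instead.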
