On Sat, Sep 06, 2003 at 12:40:58AM -0600, Mike Lewinski wrote:
> From what I see there's no way to do something like:
>
> rdr proto tcp from 10.2.3.4 to any except 81.52.249.73 \
> port 80 -> 192.168.1.2
>
> Alternatively, I could try doing this at the DNS level and on my sandbox
> DNS server, wildcard everything in ".", but create the few zones with
> real records that I want the client to reach.
>
> Or maybe my sandbox could link to http://windowsupdate.microsoft.com:81
> and I can rdr that to port 80 on the real host?
>
> Are there any better ideas I'm missing here?
You should be able to accomplish this with "no rdr", something like:
no rdr on $ext_if proto tcp from 10.2.3.4 to \
{ windowsupdate.microsoft.com } port 80
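A fuller pf.conf excerpt built on the "no rdr" approach above, added here as an example rather than taken from the thread. The interface macro, the table name and the pass rules are assumptions; the addresses are the ones quoted in the thread. It uses the pre-OpenBSD-4.7 syntax of the period, where translation rules live apart from filter rules.

```pf
# Added example (not from the thread): redirect all outbound HTTP from one
# sandboxed client to a local server, except for a short list of allowed hosts.

client_if = "fxp0"         # assumption: interface the client's packets arrive on
sandbox   = "10.2.3.4"     # the client being sandboxed (from the thread)
catchall  = "192.168.1.2"  # local server that receives redirected HTTP (from the thread)

# Hosts the client may reach directly. Hostnames in a table are resolved once,
# when the ruleset is loaded, so reload (pfctl -f /etc/pf.conf) if they change.
table <allowed_http> { windowsupdate.microsoft.com, 81.52.249.73 }

# Translation rules are first-match, so the "no rdr" exemption must come before
# the catch-all rdr; placed after it, the catch-all would always win.
no rdr on $client_if proto tcp from $sandbox to <allowed_http> port 80
rdr    on $client_if proto tcp from $sandbox to any            port 80 -> $catchall port 80

# Filter rules see the post-translation destination: pass the redirected
# connections to the catch-all server and the exempted ones to the allowed hosts.
pass in quick on $client_if proto tcp from $sandbox to $catchall      port 80 keep state
pass in quick on $client_if proto tcp from $sandbox to <allowed_http> port 80 keep state
```

Two things to check after loading: `pfctl -s nat` should list the "no rdr" line ahead of the rdr line, and `pfctl -t allowed_http -T show` should list the addresses the hostname resolved to at load time. A name that fronts a CDN can resolve differently on each lookup, so a client may still be redirected when it reaches an address the table did not capture; the DNS-level approach Mike mentions avoids that drift at the cost of running a resolver for the sandbox.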