or alternately, use tables in 3.3 and beyond:
table <oksites> { 81.52.249.73 }
rdr proto tcp from 10.2.3.4 to ! <oksites> port 80 -> 192.168.1.2
.. and technically you don't need a table if you have a single ip.
--
Todd Fries .. [EMAIL PROTECTED]
Free Daemon Consulting, LLC Land: 405-748-4596
http://FreeDaemonConsulting.com Mobile: 405-203-6124
"..in support of free software solutions."
Key fingerprint: 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
Key: http://todd.fries.net/pgp.txt
(last updated 2003/03/13 07:14:10)
Penned by Jolan Luff on Sat, Sep 06, 2003 at 02:32:29AM -0500, we have:
| On Sat, Sep 06, 2003 at 12:40:58AM -0600, Mike Lewinski wrote:
| > From what I see there's no way to do something like:
| >
| > rdr proto tcp from 10.2.3.4 to any except 81.52.249.73 \
| > port 80 -> 192.168.1.2
| >
| > Alternatively, I could try doing this at the DNS level and on my sandbox
| > DNS server, wildcard everything in ".", but create the few zones with
| > real records that I want the client to reach.
| >
| > Or maybe my sandbox could link to http://windowsupdate.microsoft.com:81
| > and I can rdr that to port 80 on the real host?
| >
| > Are there any better ideas I'm missing here?
|
| You should be able to accomplish this with "no rdr", something like:
|
| no rdr on $ext_if proto tcp from 10.2.3.4 to \
| { windowsupdate.microsoft.com } port 80
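For anyone wiring this up, here is an added pf.conf fragment (my own example, not a ruleset from anyone in the thread) that combines the two answers above: the table of allowed destinations from the table-based rdr, and the "no rdr" exception from the quoted reply, followed by the catch-all rdr and the filter rules the redirect still needs. The sandbox address 10.2.3.4, the redirect target 192.168.1.2 and the allowed address 81.52.249.73 are the thread's own values; the interface macro $int_if, the table name oksites, the "persist" keyword and the 3.3-era keep state syntax are assumptions.

```pf
# Added example pf.conf fragment, not from the original thread.
# Assumes the sandbox host sits behind $int_if (assumed name) and that
# OpenBSD 3.3-era syntax is in use.
int_if   = "fxp0"
sandbox  = "10.2.3.4"
webproxy = "192.168.1.2"

# Destinations the sandbox may reach directly on port 80.
# "persist" keeps the table defined even when empty, so it can be
# maintained at run time with: pfctl -t oksites -T add|delete <addr>
table <oksites> persist { 81.52.249.73 }

# Translation rules are first-match: the exception has to come before
# the catch-all rdr, or the exception never fires.
no rdr on $int_if proto tcp from $sandbox to <oksites> port 80

# Everything else the sandbox sends to port 80 lands on the local server.
rdr on $int_if proto tcp from $sandbox to any port 80 -> $webproxy port 80

# Equivalent single-rule form using table negation (instead of the two
# rules above, not in addition to them):
#   rdr on $int_if proto tcp from $sandbox to ! <oksites> port 80 -> $webproxy port 80

# rdr only rewrites the destination; the filter rules still have to let
# the rewritten and the exempted connections through.
pass in on $int_if proto tcp from $sandbox to $webproxy port 80 keep state
pass in on $int_if proto tcp from $sandbox to <oksites> port 80 keep state
```

Two things worth checking after loading this with pfctl -f /etc/pf.conf: pfctl -s nat should list the "no rdr" line before the catch-all rdr, and pfctl -t oksites -T show should list the allowed addresses. Note that a hostname written directly into a rule (as in the quoted "no rdr" example) is resolved once when the ruleset is loaded, so if the update server's DNS answers change the rule silently stops matching until a reload; keeping the addresses in a table and refreshing it with pfctl -t oksites -T replace avoids that gap.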