On Wed, Aug 17, 2005 at 01:39:03AM -0400, Peter Matulis wrote:

> When I needed to provide access to lan clients I added this line:
>
> rdr on $INT inet proto tcp from $LAN_clients to $EXT port 80 -> 192.168.2.214
>
> All is well.

Make sure you understand

  http://www.openbsd.org/faq/pf/rdr.html#reflect

Unless 192.168.2.214 is on a subnet separate from sonata (and replies from 192.168.2.214 to sonata pass back through the pf box), the resets are a normal (though possibly surprising) reaction, explained by the document above.

The easiest way to ensure this is described in the section "Moving the Server Into a Separate Local Network", i.e. connect the redirected-to server through a third NIC on a dedicated (sub)net.

If the setup works for some clients, but not all of them, make sure all server replies are routed back through the pf box to all clients, and the web server has no direct routes to any clients.

On the same client box, the browser (lynx vs. Mozilla) shouldn't matter in this regard. The proxy's rewrite rule should not cause resets; there might be additional problems (if only rewritten requests are reset). Make sure the above is resolved and follow up if problems persist.

Running tcpdump with -s 1600 -vvvX might provide further hints (printing the HTTP payload, after the TCP handshake).

Daniel
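
The reply path described in the message above, modelled as an added example that is not part of the original message or the OpenBSD FAQ. It assumes the server's only off-subnet route is via the pf box; the client addresses and the external address 203.0.113.1 are constructed, and only 192.168.2.214 comes from the quoted rule.

```python
import ipaddress

def trace(client, server, ext, server_net):
    """Follow one TCP handshake through an rdr rule; report what the client sees.

    client, server and ext are IP strings; server_net is the subnet the
    server's interface sits on. Assumption: anything outside server_net is
    routed by the server back through the pf box.
    """
    client_ip = ipaddress.ip_address(client)
    server_ip = ipaddress.ip_address(server)
    net = ipaddress.ip_network(server_net)

    # 1. The client sends a SYN to ext:80, so its TCP stack expects the
    #    SYN-ACK to arrive with source address ext.
    expected_src = ipaddress.ip_address(ext)

    # 2. rdr rewrites only the destination; the source stays the client.
    syn_after_rdr = {"src": client_ip, "dst": server_ip}

    # 3. The server replies to the packet's source. A source on the server's
    #    own subnet is reached directly, so the reply never touches pf.
    reply_via_pf = syn_after_rdr["src"] not in net

    # 4. Only a reply that traverses pf matches the state entry and has its
    #    source translated back to ext.
    seen_src = expected_src if reply_via_pf else server_ip

    # 5. A SYN-ACK from an address the client never contacted draws a RST.
    outcome = "established" if seen_src == expected_src else "RST"
    return {"reply_via_pf": reply_via_pf,
            "client_sees_src": str(seen_src),
            "outcome": outcome}

if __name__ == "__main__":
    SERVER, EXT, NET = "192.168.2.214", "203.0.113.1", "192.168.2.0/24"
    # Constructed clients: one sharing the server's subnet, one on another.
    for client in ("192.168.2.10", "192.168.1.10"):
        print(client, trace(client, SERVER, EXT, NET))
```
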
