On Nov 30, 2005, at 1:05 PM, Elijah Savage wrote:
Anthony Oteri wrote:
I was just having this problem last night and just found the solution
in the pf faq
you may want to look here.
http://www.openbsd.org/faq/pf/rdr.html#reflect
The bottom of this page describes 3 separate approaches for doing what
you want to do.
On 11/30/05, Elijah Savage <[EMAIL PROTECTED]> wrote:
I think you misunderstood. I can get out through the firewall and
the mail can be sent to the internet host, but the internet host can't
reach the internal host, as my ruleset has exactly what the pf.faq
has in it for redirection; that was the first page I hit when this
did not work. But I will give Peter's suggestion a try.
It sounds like you didn't read the link Anthony and I provided. It
explains that when you redirect as you are, that the destination
address changes (to the internal server), but the source address
stays the same (your client). When the server receives the SYN and
attempts to ACK the connection, it does NOT send the packet back
through the firewall; it sees the client as existing on the same
LAN, so it attempts direct delivery to the client. The client, not
recognizing any connections from "internal server", discards the packet.
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
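For readers following the thread, here is an illustration of the rdr-plus-nat reflection approach that the linked FAQ page describes and that Jason's explanation refers to. This is an added example, not a ruleset posted by anyone in the thread; the interface names, network, and server address are assumptions.

```pf
# Added illustration (not from the thread): NAT reflection in pf.conf
# using the "rdr + nat on the internal interface" approach from the
# OpenBSD PF FAQ. Interface names and addresses are assumptions.
ext_if   = "fxp0"             # external interface (assumed)
int_if   = "fxp1"             # internal interface (assumed)
int_net  = "192.168.1.0/24"   # internal LAN (assumed)
mail_srv = "192.168.1.25"     # internal mail server (assumed)

# What the original ruleset had: redirect inbound SMTP from the
# Internet to the internal server. Works for outside clients, but an
# inside client connecting to the external address is not reflected.
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $mail_srv

# Fix, part 1: also redirect internal clients that connect to the
# external address.
rdr on $int_if proto tcp from $int_net to ($ext_if) port 25 -> $mail_srv

# Fix, part 2: rewrite the source address of those reflected
# connections to the firewall's internal address. The server then
# replies to the firewall, which un-translates the packet back to the
# client, instead of delivering its SYN/ACK directly to a client that
# never connected to the server's internal address.
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if proto tcp from $int_net to $mail_srv port 25 -> $int_if

# Filter rules match the translated (post-rdr) destination.
pass in on $ext_if proto tcp from any to $mail_srv port 25 keep state
pass in on $int_if proto tcp from $int_net to $mail_srv port 25 keep state
```

Without the nat rule, the second rdr alone reproduces the failure described above: the server sees the client's own LAN address as the source and answers it directly, bypassing the firewall.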