You need to take advantage of the 'reply-to' option. Remove the 'pass' from the rdr and create a new rule with the following syntax:
pass in on $up2_if reply-to ($up2_if $ext_gw2) proto tcp from any to 10.0.0.2 port http

-Steve S.

Chris Mair wrote:
> Hi all,
>
> I'm a bit stuck with the following setup.
>
> OpenBSD 4.2
> 4 NICs
>
> lan_if = 192.168.1.1 -> LAN
> up1_if = 192.168.0.1 -> Router (internet uplink 1)
>
> up2_if = -> PPPoE Modem (internet uplink 2)
> dmz_if = 10.0.0.1 -> DMZ (containing just one machine, 10.0.0.2)
>
> What I've got - and is working - is a setup where the LAN connects
> with NAT through uplink 1 and the single machine in the DMZ
> connects with NAT through uplink 2.
>
> (pf.conf is below)
>
> What I failed to get working is a rdr rule that port forwards incoming
> traffic on up2_if port 80 to the machine in the DMZ (10.0.0.2).
>
> I've tried:
> ..
