On Wed, Sep 17, 2008 at 10:12:39AM -0700, Bill Johnstone wrote:
> Hello.
>
> I have a couple of hosts that I want to use binat with. However, I
> would like a daemon running locally on the pf machine to be accessible
> via a tcp port on one of the external IP addresses.

You could do something like this if the local daemon listens on port 10000:

ext_if="lo0"
ext_ip1="192.168.0.2"
ext_ip2="192.168.0.3"
host1="10.0.0.2"
host2="10.0.0.3"

binat on $ext_if from $host1 to any -> $ext_ip1
nat on $ext_if from $host2 to any -> $ext_ip2
rdr on $ext_if inet proto tcp from any to $ext_ip2 port 1:9999 -> $host2
rdr on $ext_if inet proto tcp from any to $ext_ip2 port 10001:65535 -> $host2
rdr on $ext_if inet proto udp from any to $ext_ip2 -> $host2
rdr on $ext_if inet proto icmp from any to $ext_ip2 -> $host2

Please excuse the badly chosen interface and addresses...

Unfortunately, the unary operator != doesn't work with translation rules,
so we cannot do "port != $local_daemon_port".

Martin
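
Added example, not part of Martin's message: a small generator for the split-range rdr rules shown above, generalized to any number of locally served TCP ports, so the ranges do not have to be maintained by hand. The function names are hypothetical; the macro names passed in are the ones from the ruleset above.

```python
"""Emit pf rdr rules for every port except those served by the firewall itself.

pf translation rules have no "port != N", so the excluded ports are carved
out by redirecting the complementary ranges, as in the ruleset above.
"""

MIN_PORT, MAX_PORT = 1, 65535


def complement_ranges(excluded):
    """Return inclusive (lo, hi) ranges covering 1..65535 minus `excluded`."""
    ports = sorted(set(excluded))
    for port in ports:
        if not MIN_PORT <= port <= MAX_PORT:
            raise ValueError(f"port out of range: {port}")
    ranges = []
    start = MIN_PORT
    for port in ports:
        if port > start:          # gap before this excluded port
            ranges.append((start, port - 1))
        start = port + 1          # resume just past the excluded port
    if start <= MAX_PORT:         # tail up to 65535, unless 65535 is excluded
        ranges.append((start, MAX_PORT))
    return ranges


def rdr_rules(ext_if, ext_ip, host, local_ports, proto="tcp"):
    """Build one rdr line per redirected range, in pf's lo:hi port syntax."""
    rules = []
    for lo, hi in complement_ranges(local_ports):
        port = str(lo) if lo == hi else f"{lo}:{hi}"
        rules.append(
            f"rdr on {ext_if} inet proto {proto} "
            f"from any to {ext_ip} port {port} -> {host}"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample: two adjacent local daemons plus ssh on the pf box.
    for line in rdr_rules("$ext_if", "$ext_ip2", "$host2", [22, 10000, 10001]):
        print(line)
```

Called with [10000] it reproduces the two tcp rules from the message; review the generated lines before loading them into pf.conf, since every port left out of local_ports is forwarded to the internal host.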
