Thanks for the tcpdump switches. I don't know what was going on with the switches that I was using, but when I used yours, I started to get debugging info, which revealed some strange behaviour.
From there I started to re-read (again) the docs and found and tried TCP Proxying which worked like a charm. Next time I'll try to keep my posted rules to a minimum as requested.

Thanks for the help.

best regards,
Reid

--- Stuart Henderson <[EMAIL PROTECTED]> wrote:

> On 2006/02/26 14:13, Reid Nichol wrote:
> >
> > inet ------ andrew ------ xander
> > |
> > ------------ users
> >
> > Everything is working, NAT, RDR for the other stuff, just not the web
> > server. I've tried some variations for rdr used rdr pass, etc, but
> > nothing in the logs. I use:
>
> a simple 'tcpdump -n port 80' on xander will show if the packets arrive
> there or not.
>
> > Here is andrews pf.conf:
> > rdr pass on $ext_if proto tcp from any to any port 80 -> $xander port 80
>
> I couldn't identify whether you were using the 'log' rules to debug
> where a basic problem with the redirect lies, or whether the problem is
> that the logging isn't working. But this creates an implicit 'pass' rule
> so if it's the latter, you probably wanted to write 'rdr pass log'.
>
> Just my #0.02, but it's quite a complex ruleset to be looking at while
> debugging a problem. You might want to simplify and just use the bare
> minimum rules for the problem you're trying to fix. It might help
> illuminate the problem and, even if it doesn't, it's easier for people
> to help if they have fewer rules to read.