pf, binat, rdr, and one ip

Da Rock freebsd-questions at herveybayaustralia.com.au
Wed Feb 9 11:36:51 UTC 2011


On 02/09/11 21:16, Daniel Bye wrote:
> On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote:
>    
>> On 02/09/11 01:18, Daniel Bye wrote:
>>      
>>> On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
>>>
>>>        
>>>> A very quick question.
>>>>
>>>> PF firewall. One static public IP. About 6 servers on the internal
>>>> network (dmz). One server binat in the pf.conf, the rest redirected.
>>>>
>>>> Possible? Or would it die in the hole?
>>>>
>>>>          
>>> I guess you're concerned about performance and resource usage? If so, this
>>> may be helpful.
>>>
>>> http://www.openbsd.org/faq/pf/perf.html
>>>
>>> Dan
>>>
>>>        
>> Useful info to have, thanks. But no, I'm interested in if the binatting
>> will interfere with the rdr's (or vice versa).
>>      
> Ah, I see. I don't know, is the straight answer - I've never needed to use
> both together. A bit of idle googling seems to suggest it's possible, but
> I don't have time right now to dig any deeper.
>    
That's exactly what I got too. Nothing definitive to go on. Apparently
not a very common arrangement. It *seems* to be working, but there are
some weird quirks I can't quite account for. Hence the question to the
guys who'd know... :)

