On Tue, Jul 01, 2003 at 04:46:07PM -0700, Aaron J. Grier wrote:
> On Tue, Jul 01, 2003 at 10:31:33PM +0200, Manuel Bouyer wrote:
> > On Mon, Jun 30, 2003 at 01:45:09PM -0700, Aaron J. Grier wrote:
> > > I've tried adding the following, but it doesn't seem to work:
> > > 
> > > rdr le0 10.0.0.0/8 port 80 -> 10.0.0.6 port 80 tcp
> > 
> > No, this can't work, because the reply from 10.0.0.6 to the client
> > doesn't get though the router, and so the reply isn't translated.  The
> > client connected to publicip:80, and it gets replies from 10.0.0.6:80.
> 
> that's what my tcpdump showed...
> 
> > What I would do, in your case, is split 10.0.0.0/8 in 2 10.0.0.0/16.
> > Put your server on one, the clients on the others, and an alias on the
> > le0 interface so that the router is in both. Now all traffic between
> > the client and server will go though the router.
> 
> this assumes that the clients are separate from the server, which I
> cannot guarantee with my current configuration.  Ideally connecting from
> 10.0.0.6 to publicIP:80 should be proxied back to 10.0.0.6:80.
> 
> it is starting to sound like the simplest solution would be to run split
> internal/external DNS, or use bind9's views.

Or just use /etc/hosts :)
Unless you have lots of clients.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 ans d'experience feront toujours la difference
--