Subject: Re: ipnat
To: Dmitry V. Bulashev <dima@tcavs.ru>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 04/12/2003 20:02:02
On Thu, Apr 10, 2003 at 06:55:57PM +0600, Dmitry V. Bulashev wrote:
> Hello!
> 
> I want to use a structure similar to this:
> 
> rdr ep0 from 192.168.0.0/16 to ( ! to local_network/mask ) port = 80 -> 
> 127.0.0.1 port 3128
> 
> Is it possible?
> 
> So, in pf I may do:
> no rdr on ep0 from 192.168.0.0/16 to local_network/mask port 80
> rdr .. [ skipped ]..
> 
> But I'm using NetBSD && ipf.

Hum, unfortunately I can't see a clean way to do this.
If you don't have too many machines on local_network/mask, maybe you can try:
rdr ep0 from 192.168.0.0/16 to machine1  port = 80 -> machine1 port 80
rdr ep0 from 192.168.0.0/16 to machine2  port = 80 -> machine2 port 80
[...]
rdr ep0 from 192.168.0.0/16 to any port = 80 -> localhost port 3128
Maybe it needs to be the other way round ("to any" being first, not
last); I don't know in which order rdr rules are matched.
Maybe you can even go with
rdr ep0 from 192.168.0.0/16 to local_network/mask  port = 80 -> local_network/mask port 80
rdr ep0 from 192.168.0.0/16 to any port = 80 -> localhost port 3128
but I didn't try it.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference
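As an added illustration, not code from the thread or from the ipf project, here is a POSIX sh helper that generates the per-machine rule list the reply sketches, one "redirect to itself" rdr per local web server followed by the catch-all to the proxy. It writes the catch-all last on the assumption that ipnat applies rdr rules first-match (the reply itself is unsure of the order, so confirm it on your system before relying on it); the interface, client range, proxy address and local hosts are constructed example values.

```shell
#!/bin/sh
# Emit an ipnat.conf rdr rule set in the shape proposed in the reply:
# one "redirect to itself" rdr rule per local web server, then a
# catch-all rdr to the proxy. Assumption: ipnat evaluates rdr rules
# first-match, so the specific rules are written before the catch-all.

# Accept only a dotted-quad IPv4 host; anything else is rejected so a
# typo in the host list cannot silently turn into a rule.
is_ipv4_host() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet; do [ "$octet" -le 255 ] || exit 1; done
    )
}

# gen_rdr_rules IFACE SRC_RANGE PROXY_ADDR:PROXY_PORT LOCAL_HOST...
# Prints the rules to stdout; returns 1 if a local host is malformed.
gen_rdr_rules() {
    [ $# -ge 3 ] || return 2
    iface=$1 src=$2 paddr=${3%:*} pport=${3##*:}
    shift 3
    for h in "$@"; do
        is_ipv4_host "$h" || return 1
        # Redirecting the host's port 80 to the same host and port leaves
        # the flow unchanged but consumes the match before the catch-all.
        printf 'rdr %s from %s to %s port = 80 -> %s port 80\n' \
            "$iface" "$src" "$h" "$h"
    done
    printf 'rdr %s from %s to any port = 80 -> %s port %s\n' \
        "$iface" "$src" "$paddr" "$pport"
}

# Constructed example: clients on 192.168.0.0/16 arrive via ep0, the
# proxy listens on 127.0.0.1:3128, two local web servers stay direct.
gen_rdr_rules ep0 192.168.0.0/16 127.0.0.1:3128 10.1.1.10 10.1.1.11
```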