From: Da Rock
Date: Wed, 09 Feb 2011 21:34:04 +1000
To: freebsd-questions@freebsd.org
Subject: Re: pf, binat, rdr, and one ip
Message-ID: <4D527BAC.3080805@herveybayaustralia.com.au>
In-Reply-To: <20110209111646.GD3267@catflap.slightlystrange.org>

On 02/09/11 21:16, Daniel Bye wrote:
> On Wed, Feb 09, 2011 at 09:08:53AM +1000, Da Rock wrote:
>
>> On 02/09/11 01:18, Daniel Bye wrote:
>>
>>> On Wed, Feb 09, 2011 at 12:20:56AM +1000, Da Rock wrote:
>>>
>>>> A very quick question.
>>>>
>>>> PF firewall. One static public IP. About 6 servers on the internal
>>>> network (dmz). One server binat in the pf.conf, the rest redirected.
>>>>
>>>> Possible? Or would it die in the hole?
>>>>
>>> I guess you're concerned about performance and resource usage? If so, this
>>> may be helpful.
>>>
>>> http://www.openbsd.org/faq/pf/perf.html
>>>
>>> Dan
>>>
>> Useful info to have, thanks. But no, I'm interested in if the binatting
>> will interfere with the rdr's (or vice versa).
>>
> Ah, I see. I don't know, is the straight answer - I've never needed to use
> both together. A bit of idle googling seems to suggest it's possible, but
> I don't have time right now to dig any deeper.
>
That's exactly what I got too. Nothing definitive to go on. Apparently
not a very common arrangement. It *seems* to be working, but there are
some weird quirks I can't quite account for. Hence the question to the
guys who'd know... :)