Hi, It looks like a usecase for binat.
http://man.openbsd.org/pf.conf#binat-to BR, Pedro Caetano A segunda, 25/11/2019, 15:40, Henry Jensen <[email protected]> escreveu: > Hi, > > my ISP provides me with a /29 subnet, including 5 usable public IPv4 > addresses. > > Until now my router uses only one of this public IPs (11.22.33.40), > with port forwarding of port 443 to an host in a DMZ(192.168.1.0/24) > like this: > > pass in on egress proto tcp from any to any port 443 rdr-to 192.168.1.2 > > Now I plan to have a second host in the DMZ which should use another > public IP from the subnet the ISP gave me. > > In other words, I want to do the following > > 192.168.1.2 < rdr-to/nat-to > 11.22.33.40 > 192.168.1.3 < rdr-to/nat-to > 11.22.33.41 > > I plan to give the outgoing interface the second public IP > (11.22.33.41) as an alias, so the egress interface holds both public IP > addresses. Question is, how do I do the routing so that DMZ host > 192.168.1.3 uses public IP 11.22.33.41 exclusively? > > Do I have to use rtables and rdomains or is there a simpler approach? > > Thanks in advance, > > Henry > > > > > > >
