Hi folks,

I have a firewall basically masking a bunch of IPs behind it, and a
bunch of rules that do RDRs from an IP on interface1 to an IP on
interface 2. These are 1-to-1 IP mappings. The firewall has a bunch
of CARP IPs defined on the external interface that map back to real
IPs (servers) behind it.

I could have sworn I once saw a way to do this with tables or macros
on each end of the RDR but I've been googling for some time now and
coming up with nothing. And even checked my PDF copy of the book of
PF and search on every instance of "rdr" and found nothing.

Basically a bunch of these :

pass in quick log on $extIf inet proto tcp from any to (external IP
#1) port (some port) rdr-to (internal IP #1)
pass in quick log on $extIf inet proto tcp from any to (external IP
#2) port (some port) rdr-to (internal IP #2)

and so on.

I guess I could just try it on a DEV box but I'd like to know first.
Either define a macro or table for both the internal and external IPs
and let PF forward from the first one listed on the left, to the first
one on the right, and 2nd to 2nd and so on.

internalIPS = { 1 2 3 }
externalIPS = { 4 5 6 }

pass in quick log on $extIf inet proto tcp from any to (externalIPs)
port (some port) rdr-to (internalIPs)

Maybe I'm just hallucinating :-)