PF redirection from a port to another

Hi there,
I'm too new to BSD and pf, so I can't accomplish the following task and am receiving a generic "syntax error", maybe because of tables or macros. Here's the scenario: a server in the DMZ with unbound (serving as resolver to other machines in the DMZ) and NSD (authoritative for an Internet domain). To make this work I configured NSD to listen on a different port, say 53535. I want pf to block all traffic:
1) except for ssh from internal networks (DMZ, LAN)
2) permit resolving requests from DMZ to port 53 (unbound)
3) all traffic coming from external firewall to port 53 redirected to port 53535.

Any help? Thanx
 
Run the service on the correct port. Don't resort to silly constructs like this.
Still, an answer would be helpful, as there are scenarios that require such functionality. E.g. making the same service on different hosts available to the outside world through an IPv4 NAT.

Anyways, it might be helpful to see what has been tried before. In general, an rdr rule ending with -> <host> port 53535 should do the trick.
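One way to write the three rules from the question as a complete pf.conf, using the older `rdr ... -> ...` syntax that the reply above refers to (FreeBSD/NetBSD-style pf). This is an added example, not a configuration posted in this thread; the interface name, addresses and networks are assumed placeholders and must be replaced with real values. The important point it shows is that translation rules run before filter rules, so the filter rule for redirected queries has to match the translated port 53535, not the original port 53:

```pf
# Added example pf.conf for the scenario in the question above.
# Interface name, addresses and networks are assumed, not from the thread.
ext_if = "em0"               # interface towards the external firewall / DMZ
dmz_ip = "192.0.2.10"        # this host's DMZ address (assumed)
ext_fw = "192.0.2.1"         # DMZ-side address of the external firewall (assumed)

# Tables must be defined before the rules that reference them.
table <internal> { 192.0.2.0/24, 10.0.0.0/24 }   # DMZ and LAN (assumed)
table <dmz>      { 192.0.2.0/24 }                 # DMZ only (assumed)

set skip on lo0

# Translation rules come before filter rules in the file and are applied
# first, so after this rdr the packet's destination port is already 53535.
rdr on $ext_if proto { tcp, udp } from $ext_fw to $dmz_ip port 53 -> $dmz_ip port 53535

# Default deny; log what is dropped so misconfigurations show up in pflog.
block log all

# 1) ssh only from the internal networks (DMZ and LAN)
pass in on $ext_if proto tcp from <internal> to $dmz_ip port 22

# 2) resolver queries from the DMZ to unbound on port 53
pass in on $ext_if proto { tcp, udp } from <dmz> to $dmz_ip port 53

# 3) queries from the external firewall, already redirected to NSD on 53535
pass in on $ext_if proto { tcp, udp } from $ext_fw to $dmz_ip port 53535

# Let the host itself initiate connections (unbound needs this to recurse).
pass out on $ext_if
```

To find the line that causes the "syntax error", parse the file without loading it with `pfctl -nf /etc/pf.conf`; pfctl reports the offending line number. After loading, `pfctl -s nat` and `pfctl -s rules` show the translation and filter rules as pf actually parsed them, which makes it obvious whether the pass rule matches the translated port. On OpenBSD 4.7 and later the separate `rdr` rule no longer exists; there the redirect is written on the filter rule itself, e.g. `pass in on $ext_if proto { tcp, udp } from $ext_fw to $dmz_ip port 53 rdr-to $dmz_ip port 53535`, and that single rule replaces the rdr line and rule 3 above.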
 
Bind NSD to the external address, bind unbound to the local address. There's rarely a need for silly constructs like that. If you do appear to need it you're doing something wrong and may need to review what you're trying to accomplish.
 