I've got the basics of my pf firewall/NAT router setup working; traffic going out fine, DNS requests on port 53 mapped into an internal subnet and back out again successfully (no change in port number). But I'm stuck at a port forwarding from the internal gateway to a machine where I need to translate ports. Here's what I've got which doesn't seem to be working:
rdr on $ext_if inet proto tcp from any to 192.168.1.101 port 24 -> 192.168.0.105 port 22
pass in on $ext_if inet proto tcp from any to 192.168.0.105 port 22
The network is public IP => this gateway at 192.168.1.101 => machine needing ssh access at 192.168.0.105
port 22 on the public address is being used in a different subnetwork (a 10. network parallel to the 192.168.0.1/32 network).
for reference the following IS working:
rdr on $ext_if proto udp from any to any port 53 -> 192.168.0.105
pass in on $ext_if inet proto udp from any to 192.168.0.105 port 53
EDIT: So, adding "synproxy state" got it to the point where it was making a connection and trying to log in, then timing out (whereas it was failing pretty quick before). It could be just a matter of timeouts from here. I'll try again some time; for now I've just opened SSH on the router machine itself and can log in step by step (to router, then to machine).
You have to use your gateway's external IP. Try this:
The parentheses will insert the IP address currently bound to that interface and keep it updated if it changes (because of DHCP, for example). The :0 indicates that it should only use the main IP bound to the interface, not aliased ones.