redirect with PF

["Giacomo Marconi" <giacomone@inwind.it>]

Hi all

I am trying to redirect the port 8080 from the external intrerface to the
port 8080 of an internal pc (192.168.2.10).

my pf.conf is this:

private="{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 255.255.255.255/32 }"
ext=ep0    #public.ip
int=ep1     #192.168.2.1

#scrub in on $ext all
nat on $ext from 192.168.2.0/24 to any -> public.ip.*.*
rdr on $ext proto tcp from any to any port 8080 -> 192.168.2.10 port 8080

# filter rules

block in quick on $ext from $private to any
pass in on $ext proto tcp from any to any port 22 flags S/SA keep state
pass in log on $ext proto tcp from any to 192.168.2.10 port 8080 flags S/SA
keep state
pass in quick on $ext inet proto icmp all icmp-type 8 code 0 keep state
pass out on $ext proto { tcp, udp } all keep state

#block in log on $int all
pass in log on $int all
pass out on $int all

an nmap scan tell me:

Starting nmap V. 3.10ALPHA7 ( www.insecure.org/nmap/ )
Interesting ports on *.*.*.*.*.*:
(The 1600 ports scanned but not shown below are in state: closed)
Port       State       Service
13/tcp     open        daytime
22/tcp     open        ssh
37/tcp     open        time
113/tcp    open        auth
8080/tcp   filtered    http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 27.331 seconds

a tcpdump -e -i pflog0 port 8080 tells me that packets pass trought the
external interface, but it doesn't give me any info about the internal info
(after adding the block in log on $int all rule).

I would appreciate every suggestion.

Thanks very much and happy new year.

Giacomo