Nat/firewall, not sure exactly

cubsfan

Wasn't real sure where to post this one

I have a somewhat odd setup on a couple pf boxes, I will draw it the best I can

pf2  -> LAN
                        |
internet -> pf1
                        |
                        pf3  -> LAN
                          |
                        netA

I'm trying to nat from the public side of pf2 to a host on netA through the LAN subnet.  I was thinking I could setup a firewall rule on the netA interface of pf3 to change the gateway to the LAN interface of pf2 and accomplish it but it's still trying to send the replies out  the WAN interface of pf3.  pf3 has NAT enabled for netA on the wan interface so I'm not sure if that is hitting before the LAN rule and sending it out that way or what is happening exactly.

Is there any way to accomplish this?

thanks

cubsfan

@cubsfan:

Wasn't real sure where to post this one

I have a somewhat odd setup on a couple pf boxes, I will draw it the best I can

pf2   -> LAN
                         |
internet -> pf1
                         |
                        pf3   -> LAN
                          |
                        netA

I'm trying to nat from the public side of pf2 to a host on netA through the LAN subnet.  I was thinking I could setup a firewall rule on the netA interface of pf3 to change the gateway to the LAN interface of pf2 and accomplish it but it's still trying to send the replies out  the WAN interface of pf3.  pf3 has NAT enabled for netA on the wan interface so I'm not sure if that is hitting before the LAN rule and sending it out that way or what is happening exactly.

Is there any way to accomplish this?

thanks

Also, with the policy rule in place, traffic is sent to pf2 from the host on netA I'm trying to do this with, it's just the replies that don't seem to be routed back out that way.