> I think I may be getting to the bottom of a misunderstanding.  I was under
> the impression that a transparent bridge *could not* have IP addresses on
> its bridge interfaces.  This seems to be saying that it is allowed, and
> indeed necessary if any traffic internal to the machine is ever going to
> be routed to anything on either side of the bridge interfaces.
>
> (This would explain why pf.conf files that apparently work elsewhere didn't
> work for me - the binding of the IP address isn't visible in the pf.conf
> file ...)
>
> If this is the case it might explain why I have not been able to
> redirect traffic to 127.0.0.1 on the bridge machine itself (the traffic
> going out $int_if but addressed to 127.0.0.1, which is clearly wrong).
>
> So... what are the consequences of putting IP addresses on the bridge
> interfaces?  Are there any unexpected surprises waiting for me?

Putting an IP on the interfaces made no difference.  However it did lead
me to a solution that works, albeit inelegant to the point of hackishness:

The rewritten packet still went out on $int_if even though it was
destined for 127.0.0.1 and routing was turned on.  However, because the
bridge interfaces had IPs, I tried a variation where instead of
redirecting to a spamd process on 127.0.0.1, I redirected it to the
IP of the $int_if, thinking that as the packet went out on the
interface it would be recognised on that interface.

It wasn't, but that gave me an idea... I have a 3rd ether interface
on the machine, which I had been using for the control net connection,
but since the bridge interfaces now have IPs I can use one of them
for the network connection, leaving me a spare ether port.  I set a
private address on that port, then rewrote the smtp -> spamd packet
for that subnet, and wrapped the ether connection around physically
from the $ext_if socket to the $spare_if socket via a hub and a wire...
and the packet as looped back physically finally talked successfully
to spamd!

This is a ridiculous hack which is completely unsatisfactory.
I would very much appreciate if anyone who understands pf and
knows what the heck is going on here could explain it to me.


Graham
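
The two redirect variants the message describes, written out as an added illustration in the pf.conf `rdr` syntax of that era; this is not Graham's actual ruleset, and the interface names, the spare port's address and the spamd listening port are assumptions:

```pf
# Added illustration, not the poster's own pf.conf. Interface names, the
# address on the spare port and the spamd port (8025 is spamd's usual
# default) are assumptions.
ext_if   = "fxp0"            # outside leg of the bridge (assumed name)
int_if   = "fxp1"            # inside leg of the bridge (assumed name)
spare_if = "fxp2"            # third ethernet port, wired back to the
                             # $ext_if segment through a hub (assumed name)
spare_ip = "192.168.254.1"   # private address configured on $spare_if (assumed)

# Variant 1: the usual spamd redirect, sending inbound SMTP to spamd on
# the loopback address. The message reports that on this bridge the
# rewritten packet still left via $int_if instead of reaching 127.0.0.1.
# (Only one of the two rdr rules should be active; pf uses the first match.)
# rdr pass on $ext_if inet proto tcp from any to any port smtp \
#     -> 127.0.0.1 port 8025

# Variant 2: the workaround described in the message: redirect to the
# address of the spare port so the rewritten packet, after leaving the
# bridge, is physically looped back into $spare_if and reaches spamd.
rdr pass on $ext_if inet proto tcp from any to any port smtp \
    -> $spare_ip port 8025

# Let the looped-back SMTP packets in on the spare port.
pass in on $spare_if inet proto tcp from any to $spare_ip port 8025
```

The point of showing both side by side is that the only thing that changes between the failing and the working setup is the translation target: the rule itself is not the problem, which is consistent with the message's observation that the rewritten packet is being sent out a bridge member rather than delivered locally.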
