> The rewritten packet still went out on $int_if even though it was > destined for 127.0.0.1 and routing was turned on. However because the > bridge interfaces had IPs, I tried a variation where instead of > redirecting to a spamd process on 127.0.0.1, I redirected it to the > IP of the $int_if, thinking that as the packet went out on the > interface it would be recognised on that interface.
I was under the impression that packets destined for assigned IPs get short-circuited by the routing subsystem and are delivered on the loopback devices. You had a host route for 127.0.0.1, and it ignored it? Odd. > This is a ridiculous hack which is completely unsatisfactory. > I would very much appreciate if anyone who understands pf and > knows what the heck is going on here could explain it to me. The networking stack code is fairly readable, last time I checked. I understand pf but not bridging and carp, so cannot help much. -- http://www.lightconsulting.com/~travis/ -><- GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B