On Sat, Sep 13, 2008 at 02:57:07PM +0200, Matthias May wrote: > You shouldnt need 3 NIC's. > I'm not sure but you could also try to disable the anti-webgui-lockout rule.
It seems there was some persistent weirdness, perhaps from former upgrades. I've reset one firewall to "factory" defaults, and now the pf rules look more sane when switched to transparent bridge. Still not quite there (need allow rule for web GUI on WAN) but it seems I'm no longer dead stuck. I'll follow up on the end result, given that I want to operate two transparent bridges in a poor man's failover (no CARP). Thanks. -- Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
