>> I realize that pf can't *know* the correct next-hop address for the >> specified interface, but it can make a reasonable guess (first non-zero >> address in $ext2:network), so hard-coding would only be required in >> cases where the "reasonable guess" is incorrect or $ext2 has multiple IP >> addresses. > > There is no guessing involved. If you specify the addresses, this > address is used for an arp lookup, and the ethernet frame will have > this IP address' MAC address as destination. > > If you don't specify the address, the destination IP address of the > matching packet is used for the arp lookup instead! > > If that destination IP address is not local (i.e. must be sent through > a next-hop), you MUST specify the next-hop address, or the packet will > be dropped, as arp resolution will fail.
Unless your router is doing proxy arp. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
