On 2015-10-11 13:16:08 (+0200), Miłosz Kaniewski <[email protected]> wrote:
> I have a FreeBSD machine which forwards packets between host1 and host2. This
> machine also has an additional interface (em2) which acts as a span interface
> - all traffic between host1 and host2 is copied into it.
> To achieve this scenario I can set a bridge with em0 and em1 as members and
> em2 as span interface. But I would like to get the same result using pf
> instead. So I tried to use these rules:
>
> pass out on em0 dup-to em2 no state
> pass out on em1 dup-to em2 no state
>
> But it doesn't work. No packets appear on interface em2. I've checked the same
> configuration on OpenBSD and everything worked well.
> Is there any difference in setting dup-to rule in FreeBSD and OpenBSD pf?
>
From a quick test, yes, it looks like something's broken, or we're both
misunderstanding something.
My system complains 'arpresolve: can't allocate llinfo for 8.8.8.8 on vtnet1'.
I think the issue is that we still try to resolve the destination MAC on 'em2'.

Can you open a bug? I'll add this to my TODO list.

Regards,
Kristof
