--On 23 October 2005 16:52 -0400, [EMAIL PROTECTED] wrote:
Generally, with a filtering bridge, you would want to pass all
traffic on one of the interfaces ('set skip on XX' or a 'pass on
XX' rule), and just make rules apply to the other interface.
Whether or not this is what you're doing isn't clear from your
message.
Thanks. Determinable from this data? It seems like "set skip"
should be like "quick", that filtering applies only to vge0.
Much better, thanks. This clears up eth_if vs. ext_if from your
original post too.
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 70.84.x.16 netmask 0xffffff80 broadcast 70.84.x.127
set skip on { lo $int_if }
You have placed the IP address on dc0, which is $int_if in pf.conf,
which you are skipping in pf. Either try moving the IP address to vge0,
or change the rules to work on the other interface.
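
A small check for the condition this reply diagnoses (an address configured on an interface that pf is told to skip), as an added example that is not part of the original thread. The ext_if macro value, the vge0 ifconfig stanza and the function names are constructed, and matching a unit-less name such as lo against every unit of that driver is a simplification.

```python
import re

# Constructed sample inputs modelled on the thread (address octet masked as posted).
IFCONFIG = """\
dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
\tgroups: egress
\tinet 70.84.x.16 netmask 0xffffff80 broadcast 70.84.x.127
vge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
"""
PF_CONF = """\
ext_if = "vge0"
int_if = "dc0"
set skip on { lo $int_if }
"""

def addressed_interfaces(ifconfig_text):
    """Map interface name -> inet addresses found in ifconfig output."""
    addrs, current = {}, None
    for line in ifconfig_text.splitlines():
        head = re.match(r"(\w+): flags=", line)
        inet = re.match(r"\s+inet (\S+)", line)
        if head:
            current = head.group(1)
            addrs[current] = []
        elif inet and current:
            addrs[current].append(inet.group(1))
    return addrs

def skipped_names(pf_conf_text):
    """Names listed after 'set skip on', with $macros expanded."""
    macros, skipped = {}, set()
    for raw in pf_conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        macro = re.match(r'(\w+)\s*=\s*"?([^"]*)"?$', line)
        skip = re.match(r"set\s+skip\s+on\s+(.*)", line)
        if macro:
            macros[macro.group(1)] = macro.group(2)
        elif skip:
            body = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), ""), skip.group(1))
            skipped.update(re.findall(r"[\w.]+", body))
    return skipped

def skipped_with_address(ifconfig_text, pf_conf_text):
    """Interfaces that carry an inet address yet are listed in 'set skip'."""
    skipped = skipped_names(pf_conf_text)
    return {n: ips for n, ips in addressed_interfaces(ifconfig_text).items()
            if ips and (n in skipped or n.rstrip("0123456789") in skipped)}

if __name__ == "__main__":
    for name, ips in skipped_with_address(IFCONFIG, PF_CONF).items():
        print(f"{name} carries {', '.join(ips)} but is listed in 'set skip'")
```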