hi list,
i've a complex packet filter setup on a 4.0 box.
               +------+     +----------------+
               |Switch|     |OBSD4.0         |
pc 1 ----------|vlan1 |     |                |
192.168.1.2/24 |      |     |      +-------+ |
               |      |Trunk|vlan1-|       | |
pc 2 ----------|vlan2 |-----|vlan2-|bridge0| |----- pc 4
192.168.1.3/24 |      |  em0|vlan3-|       | |em1   192.168.3.2
               |      |     |  em0-|       | |
pc 3 ----------|vlan3 |     |      +-------+ |
192.168.2.2/24 |      |     |                |
               +------+     |carp0           |
                            |192.168.1.1     |
                            |192.168.2.1     |
                            |           carp1|
                            |     192.168.3.1|
                            +----------------+
default policy is block on all on all interfaces, except
bridge0 and loopback.
i started with filtering from pc1 to pc4 with filtering
on vlan1. i saw the traffic with tcpdump on vlan1
but the filter was never matched on vlan1. it was matched
on em0 but i saw no traffic on em0.
ok i modified my setup filtering on em0.
now i would set up filters between pc1 and pc2. i started
with filtering on em0. but it doesn't work. it works only
on vlan1 and vlan2. i'm confused. but it works.
now i would set up filters between pc1 and pc3. i think
i should use my vlan interfaces vlan1 and vlan3. no ...
that's wrong. in this case i should use em0 again (for
different networks).
has anyone a simple explanation of how this works?
thx
thomas