On Sunday 21 February 2010 11:07:28, Tomas Bodzar wrote:
> Yep, see snippet from man page for brconfig(8)
>
>  The following commands will tag packets from and to 9:8:7:6:5:4 on fxp0
>      so that pf(4) can refer to them using the tagged directive:
>
>            # brconfig bridge0 rule pass in  on fxp0 src 9:8:7:6:5:4 tag boss
>            # brconfig bridge0 rule pass out on fxp0 dst 9:8:7:6:5:4 tag boss
>
>      An example pf.conf(5) rule using this tag is:
>
>            pass tagged boss queue q_med
>
>
> You created a bridge device for your NIC and then you can use the tag boss
> in pf rules. The change in the future will be that there will be no
> brconfig(8) command, but it will be included in ifconfig(8).
>
> On Sun, Feb 21, 2010 at 10:52 AM, Jean-Francois <[email protected]> wrote:
> > I am not completely sure I understand: is it possible to make a pseudo
> > device bridged to an interface, mark the packets with a tag according
> > to rules based on MAC address, and then take account of the tag in pf
> > while doing NAT translation to a second interface?
> >
> > In my opinion, this might be possible.
> >
> > Regards

All,

I tried to do the below, but for the moment I have basic problems; however,
the principle should work as far as I understand the system.

Internal network with a switch, several machines wired to re0 on OpenBSD.
re0 will be NATed to re1, the Internet connection.
re0 will be member of bridge0.
bridge0 will tag the packets according to their MAC address.
pf rules regarding the NAT translation and RDR rules will be based on the tag
AVAIL coming from the bridge rule.

Internal network

/ OpenBSD box
        re0 <-> bridge0 + rule tag AVAIL based on MAC address of the packets
          |
  DHCP + NAT on re1 provided packets are tagged AVAIL
          |
        re1
/ End of OpenBSD box
          |
    Internet

Regards
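
As an added illustration of the setup sketched above (this is not configuration
from the thread, just what the two pieces could look like), assuming re0 is the
LAN side, re1 the Internet side, a LAN subnet of 192.168.1.0/24, two constructed
station MACs, and the pf.conf(5) syntax of OpenBSD 4.7 and later (match ... nat-to).
Only the NAT half is shown; the tag name AVAIL is the one from the message.

```conf
# /etc/hostname.bridge0 (assumed file; each line is a brconfig(8) argument
# list, so "sh /etc/netstart bridge0" applies it at boot).  re0 is the only
# member: the bridge exists to run MAC rules on re0, not to forward frames.
add re0
# Constructed example MACs.  Bridge rules are tried in order and the first
# match wins; frames from any other station still pass, but untagged.
rule pass in on re0 src 00:11:22:33:44:55 tag AVAIL
rule pass in on re0 src 00:11:22:33:44:66 tag AVAIL
up

# /etc/pf.conf (assumed addressing; OpenBSD 4.7+ translation syntax)
lan_if  = "re0"
ext_if  = "re1"
lan_net = "192.168.1.0/24"

set skip on lo

# Translate only what the bridge tagged.  Untagged LAN traffic keeps its
# private address and is dropped by the "block all" below.
match out on $ext_if from $lan_net tagged AVAIL nat-to ($ext_if)

block all
pass out on $ext_if
# State is created here, on the LAN side, for tagged frames only; the
# forwarded packet and the reply coming back in on re1 ride on that state.
pass in on $lan_if tagged AVAIL
```

On the brconfig(8)-era releases the translation rule is written in the old form,
"nat on re1 from re0:network tagged AVAIL -> (re1)"; the tagged keyword is
accepted on nat rules there too. Two things to check before relying on this:
confirm with "pfctl -vvsr" and a "pass log" on pflog0 that frames from an
allowed MAC really reach pf carrying the tag, and remember that a source MAC is
set by the client, so this is an allow-list against accidental use, not against
a station that copies a permitted address. Note also that dhcpd(8) talks to the
wire through bpf(4), so lease handout is not gated by these pf rules.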
