Hi Josh,

I guess the problem is that everything matches your NAT rules.

Try adding something like this before the match rules for nat:

pass in  quick on $int_if0 from 10.66.66.0/24 to 10.66.67.0/24
pass out quick on $int_if0 from 10.66.67.0/24 to 10.66.66.0/24
pass in  quick on $int_if1 from 10.66.67.0/24 to 10.66.66.0/24
pass out quick on $int_if1 from 10.66.66.0/24 to 10.66.67.0/24

Those rules should make pf "almost ignore" traffic between your
two home networks. I don't know if it works but give it a try.

BR,
Teemu

> #match rules for nat
> match out on egress inet from !(egress) to any nat-to (egress:0) scrub (no-df max-mss 1440)
> match out on egress inet from !(egress) to any nat-to (egress:0) scrub (no-df max-mss 1440)
> 
> 
> #filter rules
> block in log #block all incoming traffic
> 
> antispoof quick for { $int_if0 $ext_if $int_if1 } label AntiSpoofFailed
> 
> pass in on $int_if0 # pass all incoming traffic on our internal interface
> pass in on $int_if1 # pass all incoming traffic on our internal interface from the test network
> 
> pass in log on $ext_if inet proto tcp from any to ($ext_if) port $allowed_services # allow selected services in from the net
> 
> pass in on $ext_if inet proto icmp all icmp-type $allowed_icmp #allow some icmp traffic in from the net
> 
> pass out quick # allow outgoing traffic
> 
> 
> I'm sure I'm just missing a quick setting in my pf configuration or
> somewhere else on the box.
> 
> Any help is greatly appreciated.
> 
> 
> Thanks,
> --
> Josh Smith
> KD8HRX
> email/jabber: juice...@gmail.com
> phone: 304.237.9369(c)

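The mechanism Teemu's suggestion relies on is pf's ordered evaluation: a "match" rule applies its options (here nat-to) to every packet it matches but never decides pass/block, the last matching pass/block rule wins, and a "pass quick" rule ends evaluation immediately so that no later "match ... nat-to" is reached. The following is an added toy model of those semantics written for this thread; it is not pf code and not part of either Josh's or Teemu's configuration. It assumes the interface names int_if0, int_if1 and egress (treating "egress" as a plain interface name rather than a group), a constructed address 203.0.113.1 standing in for (egress:0), and ignores protocols, ports, antispoof and the $allowed_services/$allowed_icmp rules. It goes slightly beyond the thread by also evaluating a broader nat rule with no "on egress" restriction, which makes the effect of rule ordering visible.

```python
"""Toy model of pf rule ordering: match / quick / last-match-wins (constructed example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

EGRESS_ADDR = "203.0.113.1"  # constructed stand-in for pf's (egress:0)
LAN0, LAN1 = "10.66.66.0/24", "10.66.67.0/24"  # the two home networks from the thread


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet is seen on (assumed names)
    direction: str   # "in" or "out"
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass", "block" or "match"
    direction: Optional[str] = None
    iface: Optional[str] = None    # None means "on any interface"
    src: Optional[str] = None      # CIDR; a leading "!" negates, like pf's "!"
    dst: Optional[str] = None
    quick: bool = False
    nat_to: Optional[str] = None   # only meaningful on "match" rules

    @staticmethod
    def _addr_ok(spec: Optional[str], addr: str) -> bool:
        if spec is None:
            return True
        hit = ip_address(addr) in ip_network(spec.lstrip("!"), strict=False)
        return (not hit) if spec.startswith("!") else hit

    def matches(self, pkt: Packet) -> bool:
        if self.direction and self.direction != pkt.direction:
            return False
        if self.iface and self.iface != pkt.iface:
            return False
        return self._addr_ok(self.src, pkt.src) and self._addr_ok(self.dst, pkt.dst)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[str]]:
    """Return (verdict, translated source address or None) for one packet."""
    verdict = "pass"          # pf's implicit default when no rule matches
    nat_src = None
    for r in rules:
        if not r.matches(pkt):
            continue
        if r.action == "match":
            if r.nat_to is not None:
                nat_src = r.nat_to   # match applies its options and keeps going
            continue
        verdict = r.action           # last matching pass/block wins ...
        if r.quick:
            break                    # ... unless it is quick, which stops here
    return verdict, nat_src


# Teemu's four quick rules
QUICK_PASS = [
    Rule("pass", "in",  "int_if0", src=LAN0, dst=LAN1, quick=True),
    Rule("pass", "out", "int_if0", src=LAN1, dst=LAN0, quick=True),
    Rule("pass", "in",  "int_if1", src=LAN1, dst=LAN0, quick=True),
    Rule("pass", "out", "int_if1", src=LAN0, dst=LAN1, quick=True),
]
# Josh's nat rule as posted: only packets leaving via egress, not from egress's own address
NAT_ON_EGRESS = [Rule("match", "out", "egress", src="!" + EGRESS_ADDR + "/32", nat_to=EGRESS_ADDR)]
# A broader nat rule with no interface (constructed for contrast, not from the thread)
NAT_ANYWHERE = [Rule("match", "out", None, src=LAN0, nat_to=EGRESS_ADDR)]
# Josh's filter rules, reduced to what the model can express
FILTER = [
    Rule("block", "in"),
    Rule("pass", "in", "int_if0"),
    Rule("pass", "in", "int_if1"),
    Rule("pass", "out", quick=True),
]


def josh_ruleset() -> List[Rule]:
    return NAT_ON_EGRESS + FILTER


def teemu_ruleset() -> List[Rule]:
    return QUICK_PASS + NAT_ON_EGRESS + FILTER


def broad_nat_fixed() -> List[Rule]:
    return QUICK_PASS + NAT_ANYWHERE + FILTER


def broad_nat_wrong_order() -> List[Rule]:
    return NAT_ANYWHERE + QUICK_PASS + FILTER


# Constructed sample packets
INTER_LAN = Packet("int_if1", "out", "10.66.66.5", "10.66.67.5")
TO_INTERNET = Packet("egress", "out", "10.66.66.5", "198.51.100.9")
FROM_INTERNET = Packet("egress", "in", "198.51.100.9", EGRESS_ADDR)

if __name__ == "__main__":
    for name, rs in [("josh", josh_ruleset()), ("teemu", teemu_ruleset()),
                     ("broad nat, quick first", broad_nat_fixed()),
                     ("broad nat, quick after", broad_nat_wrong_order())]:
        print(f"{name:24s} inter-LAN -> {evaluate(rs, INTER_LAN)}  internet -> {evaluate(rs, TO_INTERNET)}")
```

In the model, the inter-LAN packet is exempted from translation only when the quick pass rules sit before a nat match rule that would otherwise see it; with the quick rules placed after a broad nat rule the packet is translated even though it is passed. With the nat rule restricted to "on egress" as Josh posted it, a packet that leaves on int_if1 never reaches that rule in this model at all, so whether the quick rules change anything on the real box depends on details the thread does not show.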