Hi Josh, I guess the problem is that everything matches your NAT rules.
Try adding something like this before the match rules for nat:

pass in quick on $int_if0 from 10.66.66.0/24 to 10.66.67.0/24
pass out quick on $int_if0 from 10.66.67.0/24 to 10.66.66.0/24
pass in quick on $int_if1 from 10.66.67.0/24 to 10.66.66.0/24
pass out quick on $int_if1 from 10.66.66.0/24 to 10.66.67.0/24

Those rules should make pf "almost ignore" traffic between your two home networks. I don't know if it works but give it a try.

BR,
Teemu

> #match rules for nat
> match out on egress inet from !(egress) to any nat-to (egress:0) scrub (no-df max-mss 1440)
> match out on egress inet from !(egress) to any nat-to (egress:0) scrub (no-df max-mss 1440)
>
>
> #filter rules
> block in log #block all incoming traffic
>
> antispoof quick for { $int_if0 $ext_if $int_if1 } label AntiSpoofFailed
>
> pass in on $int_if0 # pass all incoming traffic on our internal interface
> pass in on $int_if1 # pass all incoming traffic on our internal interface from the test network
>
> pass in log on $ext_if inet proto tcp from any to ($ext_if) port $allowed_services # allow selected services in from the net
>
> pass in on $ext_if inet proto icmp all icmp-type $allowed_icmp #allow some icmp traffic in from the net
>
> pass out quick # allow outgoing traffic
>
>
> I'm sure I'm just missing a quick setting in my pf configuration or somewhere else on the box.
>
> Any help is greatly appreciated.
>
>
> Thanks,
> --
> Josh Smith
> KD8HRX
> email/jabber: juice...@gmail.com
> phone: 304.237.9369(c)