Daniel Hartmeier wrote:
pass in log on $ext_if dup-to $dmz_if allHow's dmz_if defined? did you put the IP of your loghost/IDS in there? If not, I think you should.Yes, try this: pass in log on $ext_if dup-to ($dmz_if 10.1.2.3) all replacing 10.1.2.3 with the IP address of your loghost.
BTW: couldn't we simplify things and accept just the following: pass in log on $ext_if dup-to 10.1.2.3 all And getting the interface from the routing table? I sense I will be asked for a patch :) Cedric
