On Sat, 01 Feb 2003 16:14:32 +0100 Cedric Berger <[EMAIL PROTECTED]> wrote:
> Marco Grigull wrote:
>
> > If I want to forward all ip traffic verbatim to a loghost/ids machine,
> > would the following rules suffice?
> >
> > # forward stuff to our loghost/IDS
> > pass in log on $ext_if dup-to $dmz_if all
>
> How's dmz_if defined? Did you put the IP of your

dmz_if="rl0"

> loghost/IDS in there? If not, I think you should.
> Cedric

I have also tried replacing dmz_if with the actual ip addr, but to no avail. I do not see all of the packets that ext_if could with tcpdump.

Would I be better off just bridging ext_if and dmz_if together, or will it be impossible to do nat for hosts on int_if's network? (ext_if gets its ip addr with dhcp)

Marco
