Hi,
I'm currently using the following setup:
               / vlan1 \                      / vlan2 - lan1
wan - router -          - fxp0 bridge fxp1 -
               \ vlan3 /                      \ vlan4 - lan2
i.e. a poor man's setup to save setting up one bridge for each LAN.
The bridge has 4 vlan(4) devices: vlan{1,3} on fxp0 and vlan{2,4} on
fxp1. It has two bridge(4) devices: bridge0 with vlan{1,2} and bridge1
with vlan{3,4}.
Now I wanted to do transparent proxying for lan2 to a proxy in lan1:
rdr on vlan4 inet proto tcp from any to any port 80 -> $proxy port 3128
Worked pretty well, until I one day implemented anti-spoofing on the
router. HTTP stopped working for lan2. Upon investigating I noticed that
traffic with _external_ source addresses was being sent from lan1 to the
router. I figured that the bridge was rewriting traffic from lan2 to
external addresses on vlan4, but was also translating it back as soon as
the proxy returned it through vlan2.
Should states from rdr rules honor set state-policy if-bound? I realize
my setup may be ugly, just asking.
Regards,
ND