Hi,
(re-sending since the post via news.gmane.org apparently didn't make it)
I'm currently using the following setup:
              / vlan1 \            / vlan2 - lan1
wan - router -         - fxp0 bridge fxp1 -
              \ vlan3 /            \ vlan4 - lan2
i.e. a poor man's setup to save setting up one bridge for each LAN.
The bridge has 4 vlan(4) devices: vlan{1,3} on fxp0 and vlan{2,4} on
fxp1. It has two bridge(4) devices: bridge0 with vlan{1,2} and bridge1
with vlan{3,4}.
Now I wanted to do transparent proxying for lan2 to a proxy in lan1:
rdr on vlan4 inet proto tcp from any to any port 80 -> $proxy port 3128
It worked pretty well, until one day I implemented anti-spoofing on the router.
HTTP stopped working for lan2. Upon investigating I noticed that traffic
with _external_ source addresses was being sent to the router.
I figured that the bridge was rewriting traffic from lan2 to external
addresses on vlan4, but was also translating it back as soon as the proxy
returned it through vlan2.
Shouldn't states from rdr rules honour set state-policy if-bound? I realise
my setup may be ugly, just asking.
Regards,
ND
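An added reconstruction of the two rulesets the post describes, for readers who want to see the pieces side by side; this is not the poster's actual configuration. The interface names (vlan1..vlan4 on the bridge, fxp0/fxp1 as the physical legs) come from the post; the addresses, the router's interface names and the lan1/lan2 networks are assumed placeholders, and the example only places `set state-policy if-bound` and the anti-spoofing rules relative to the rdr rule, it does not claim that this combination resolves the problem the post reports.

```pf
# --- bridge box (fxp0 bridge fxp1, vlan{1,3} on fxp0, vlan{2,4} on fxp1) ---
# Assumed values: the proxy's address in lan1 and the two LAN networks.
proxy = "192.0.2.10"          # assumed: proxy host in lan1, listening on 3128
lan1  = "192.0.2.0/24"        # assumed
lan2  = "198.51.100.0/24"     # assumed

# Bind states to the interface they were created on (the policy the post
# asks about); the default is "floating".
set state-policy if-bound

# The redirect from the post: lan2's HTTP goes to the proxy in lan1.
rdr on vlan4 inet proto tcp from $lan2 to any port 80 -> $proxy port 3128

# Let everything through on the bridge members, keeping state.
pass quick on { vlan1 vlan2 vlan3 vlan4 } all keep state

# --- router (separate box; its interface names are assumed) ---
# The anti-spoofing the post says was added on the router. antispoof expands
# to block rules that drop packets arriving on an interface with a source
# address that belongs to one of the interface's own networks.
rt_lan1 = "vlan1"             # assumed: router's leg towards lan1
rt_lan2 = "vlan3"             # assumed: router's leg towards lan2
antispoof quick for { $rt_lan1 $rt_lan2 } inet
```

Loading the bridge part with `pfctl -f` and then `pfctl -ss` while a lan2 client fetches a page shows which interface each state is bound to, which is the quickest way to check whether the reply from the proxy on vlan2 is matching a state that was created on vlan4.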