On 7/13/05, Holger Bauer <[EMAIL PROTECTED]> wrote: > > > Hi Tom, > > by defaault the pfsense-bridge is a filtering bridge (it doesn't work the way > it works in m0n0 where you have to activate filtering). If you set an > Opt-Interface to Bridge you can leave all other settings empty, as it won't > have an IP of it's own then. To allow traffic to pass the bridge you have to > specify rules at Firewall>Rules for both directions (both physical > interfaces)just like it was a "normal" interface. You also can specify > trafficshaping rules for this interface. > WAN-LAN-Bridge isn't possible as the LAN-Interface is a bit different but you > can leave the LAN-Interface empty and use an OPT for that purpose.
Legacy code that I hope to replace at some future date. m0n0 was built with a concept of WAN/LAN/Optional interfaces which is a very PIX like concept (inside/outside) but not a terribly scalable concept. But those assumptions are quite ingrained into our system so it's going to be a challenge to rip it out and replace it. In the meantime what Holger suggests should work - albeit at the cost of a third interface on your filtering bridge. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
