On Sunday 23 October 2005 05:58 pm, Stuart Henderson wrote:
> --On 23 October 2005 16:52 -0400, [EMAIL PROTECTED] wrote:
> >> generally with a filtering bridge, you would want to pass all
> >> traffic on one of the interfaces ('set skip on XX' or a 'pass on
> >> XX' rule), and just make rules apply to the other interface.
> >> Whether or not this is what you're doing, isn't clear from your
> >> message.
> >
> > Thanks. Determinable from this data? It seems like "set skip"
> > should be like "quick", that filtering applies only to vge0.
>
> Much better, thanks. This clears up eth_if vs. ext_if from your
> original post too.
>
> > dc0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> >         groups: egress
> >         media: Ethernet autoselect (100baseTX full-duplex)
> >         status: active
> >         inet 70.84.x.16 netmask 0xffffff80 broadcast 70.84.x.127
> >
> > set skip on { lo $int_if }
>
> You have placed the IP address on dc0, which is $int_if in pf.conf,
> which you are skipping in pf. Either try moving the IP address to vge0,
> or change the rules to work on the other interface.

I moved the IP address to vge0. Fixed. I trust that authlog will look better now. Thanks!

Darrel
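
An added example, not part of the thread or of anyone's posted configuration: a small Python check for the condition diagnosed above, an address configured on an interface that pf is told to skip. The pf.conf and ifconfig samples are constructed, 192.0.2.16 is a placeholder address, and treating a numberless name such as lo as matching lo0 is a simplifying assumption.

```python
import re

# Constructed samples modelled on the thread; 192.0.2.16 is a placeholder address.
PF_CONF = 'int_if = "dc0"\nset skip on { lo $int_if }\n'
FLAGS = "flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500\n"
INET = "\tinet 192.0.2.16 netmask 0xffffff80 broadcast 192.0.2.127\n"
LO0 = "lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224\n\tinet 127.0.0.1 netmask 0xff000000\n"
IFCONFIG_BEFORE = LO0 + "dc0: " + FLAGS + INET + "vge0: " + FLAGS  # address on dc0
IFCONFIG_AFTER = LO0 + "dc0: " + FLAGS + "vge0: " + FLAGS + INET   # moved to vge0

def skipped_interfaces(pf_conf):
    """Names listed in 'set skip on' lines, with $macros expanded."""
    macros = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', pf_conf, re.M))
    skipped = set()
    for line in pf_conf.splitlines():
        m = re.match(r'\s*set\s+skip\s+on\s+(.*)', line.split('#', 1)[0])
        if not m:
            continue
        for tok in re.findall(r'[$\w]+', m.group(1)):
            value = macros.get(tok[1:], tok) if tok.startswith('$') else tok
            skipped.update(value.split())
    return skipped

def addressed_interfaces(ifconfig):
    """Map each interface name to the inet/inet6 addresses shown for it."""
    addrs, current = {}, None
    for line in ifconfig.splitlines():
        head = re.match(r'(\w+): flags=', line)
        if head:
            current = head.group(1)
            addrs[current] = []
        elif current:
            m = re.match(r'\s+inet6?\s+(\S+)', line)
            if m:
                addrs[current].append(m.group(1))
    return addrs

def unfiltered_addresses(pf_conf, ifconfig):
    """Non-loopback interfaces that carry an address and are skipped by pf."""
    skipped = skipped_interfaces(pf_conf)
    findings = {}
    for iface, ips in addressed_interfaces(ifconfig).items():
        hit = any(iface == s or (not s[-1].isdigit()
                  and re.fullmatch(re.escape(s) + r'\d+', iface)) for s in skipped)
        if hit and ips and not iface.startswith('lo'):
            findings[iface] = ips
    return findings

if __name__ == "__main__":
    print("before:", unfiltered_addresses(PF_CONF, IFCONFIG_BEFORE))
    print("after: ", unfiltered_addresses(PF_CONF, IFCONFIG_AFTER))
```
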