On May 22, 2013, at 3:02 AM, Stuart Henderson wrote:

>> pass in from 10.1.1.0/24 route-to 10.1.1.1@vlan1
>> pass in from 10.1.2.0/24 route-to 10.1.2.1@vlan2
>> pass in from 10.1.3.0/24 route-to 10.1.3.1@vlan3
>> pass in from 10.1.4.0/24 route-to 10.1.4.1@vlan4
>>
>> If I needed inbound traffic returned (ping), I would add:
>>
>> pass in on vlan1 reply-to 10.1.1.1@vlan1
>> pass in on vlan2 reply-to 10.1.2.1@vlan2
>> pass in on vlan3 reply-to 10.1.3.1@vlan3
>> pass in on vlan4 reply-to 10.1.4.1@vlan4
>>
>> That's assuming I've understood what you've said correctly!
>
> That looks right to me.
I think I've got it going, thanks very much for your help! The final syntax I used, after more messing with it, was:

pass in on vlan0 route-to 10.1.1.1 from 10.1.1.0/24 to any
pass in on vlan1 reply-to 10.1.1.1

Which comes out as:

# pfctl -sr
No ALTQ support in kernel
ALTQ related functions disabled
pass in on vlan0 route-to 10.1.1.1 inet from 10.1.1.0/24 to any flags S/SA keep state
pass in on vlan1 reply-to 10.1.1.1 all flags S/SA keep state

vlan0 being the one with the default route. I believe this is right; at least, I can ping both ways across all four of the VLANs in question end-to-end. I'm suspicious the first line should be "pass out", but since it's working, perhaps not.

Aaron
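The two halves of the exchange above (Stuart's per-VLAN route-to/reply-to pairs and Aaron's working two-rule version) assembled into one loadable pf.conf fragment, as an added example that is not part of the thread. The interface names, subnets and gateway addresses are the ones quoted in the thread; the comments explaining what each half does are mine.

```pf
# Added example (not from the thread): policy routing for four VLANs,
# assembled from the rules quoted above. Interface names, subnets and
# gateways are the ones the thread uses; nothing else is assumed.

# Outbound half: a packet sourced from a VLAN's subnet is handed to that
# VLAN's own gateway, overriding whatever the kernel routing table (and the
# default route on vlan0) would otherwise choose. The rule also creates
# state, so the rest of the connection is routed the same way.
pass in from 10.1.1.0/24 route-to 10.1.1.1@vlan1
pass in from 10.1.2.0/24 route-to 10.1.2.1@vlan2
pass in from 10.1.3.0/24 route-to 10.1.3.1@vlan3
pass in from 10.1.4.0/24 route-to 10.1.4.1@vlan4

# Inbound half: for connections that arrive on a VLAN interface, replies are
# sent back through that interface's gateway rather than the default route,
# so the return path matches the request path and the state entry created
# by the inbound rule sees both directions. Without this, a ping arriving
# on vlan2 would be answered via vlan0.
pass in on vlan1 reply-to 10.1.1.1@vlan1
pass in on vlan2 reply-to 10.1.2.1@vlan2
pass in on vlan3 reply-to 10.1.3.1@vlan3
pass in on vlan4 reply-to 10.1.4.1@vlan4
```

Before loading, `pfctl -nf /etc/pf.conf` parses the file without installing it, and `pfctl -sr` (as Aaron did) shows the rules as pf actually expanded them, which is the quickest way to confirm that `route-to` and `reply-to` landed on the interfaces you intended.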