I have taken away the block all rule, but pfctl -d makes no
difference. The gateway itself behaves just like any server connected
to multiple vlans. You can reach the world around it, and through its
default gateway you can reach the internet.

The servers connected to its private vlan, vic3, cannot connect to
anything but themselves and the gateway ip 10.221.181.10. They cannot
go further. The gateway can ping them and connect to them just like on
a vlan.

2011/10/10 Peter N. M. Hansteen <pe...@bsdly.net>:
> Stefan Midjich <sweh...@gmail.com> writes:
>
>> Not sure what you mean but they're both in switched vlans, two
>> different vlans. Point to Point is a crossover cable right? I'm not
>> sure what it means in English. This is all a virtual environment I use
>> for training so there are no cables as such.
>
> Take a step back. With PF disabled (pfctl -d), do you
> have connectivity, does traffic pass where you want it to?
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>



--


Med vänliga hälsningar / With kind regards

Stefan Midjich
