My firewall box has 3 net interfaces:
em0 (internal network): inet 172.24.42.254 netmask 0xffffff00 broadcast 172.24.42.255
em1 (internet): inet 172.24.40.3 netmask 0xfffffc00 broadcast 172.24.43.255
em2 (wifi sandbox): inet 172.24.42.223 netmask 0xffffffc0 broadcast 172.24.42.255

Attached to em1 I have 2 ADSL modems, 172.24.40.1 and 172.24.40.2.

Default route (set through /etc/mygate) is 172.24.40.1.

The firewall itself can reach both ADSL modems, but machines on the internal network can only reach 172.24.40.1.

Here are traceroutes from a host inside the em0 network:

traceroute to 172.24.40.1 (172.24.40.1), 30 hops max, 60 byte packets
 1  172.24.42.254 (172.24.42.254)  0.598 ms  0.685 ms  0.787 ms
 2  172.24.40.1 (172.24.40.1)  1.568 ms  1.560 ms  1.719 ms

traceroute to 172.24.40.2 (172.24.40.2), 30 hops max, 60 byte packets
 1  172.24.42.254 (172.24.42.254)  1.251 ms  1.243 ms  1.235 ms
 2  * * *

This is with pf disabled.

As the packets do reach the firewall on em0, shouldn't they be forwarded to em1? (yes, net.inet.ip.forwarding=1)

Any advice/ideas/guidance appreciated...

Julf