David Newman wrote:

Forget for a second what you *want* to have happen, and look at the above snippets of your pf.conf. What's the *last* matching rule for something on $ExtIfa?

Ah, good point, thanks. I tried flipping the order (and adding the :0 parameter) but the following still forwards box2's requests to box1:


I was wrong. Nat/rdr keeps the *first* matching rule, while filtering keeps the *last* matching rule. So you had it in the right order before. Sorry about that. I need to finish my morning coffee before I post.

See Stuart Henderson's remarks regarding IP address vs. interface (and anything else he has to say).

--
Darrin Chandler            |  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
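
The evaluation-order difference described in the message above (translation rules stop at the first match, filter rules keep the last match), as an added example that is not part of the original thread or of pf itself. It is a simplified model: the interface name `ext0`, the addresses and the rule sets are constructed, and the `quick` handling reflects pf's documented filter behaviour rather than anything stated in the message.

```python
# Simplified model of pf rule evaluation order (added example, not pf's code).
# Interface name, addresses and rules below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    iface: str            # interface the rule applies to
    port: Optional[int]   # destination port; None matches any port
    result: str           # redirect target (rdr) or "pass"/"block" (filter)
    quick: bool = False   # filter rules only: stop evaluating at this rule

def matches(rule, iface, port):
    return rule.iface == iface and rule.port in (None, port)

def translate(rules, iface, port):
    """nat/rdr: the first matching rule wins; later rules are never consulted."""
    for r in rules:
        if matches(r, iface, port):
            return r.result
    return None  # no translation applied

def filter_packet(rules, iface, port, default="pass"):
    """Filtering: the last matching rule wins, unless a match is marked quick."""
    verdict = default
    for r in rules:
        if matches(r, iface, port):
            verdict = r.result
            if r.quick:
                break
    return verdict

# Constructed rule sets: one general rule and one specific rule on the same interface.
RDR_GENERAL_FIRST = [Rule("ext0", None, "10.0.0.1"), Rule("ext0", 80, "10.0.0.2")]
RDR_SPECIFIC_FIRST = list(reversed(RDR_GENERAL_FIRST))
FILTER_RULES = [Rule("ext0", None, "block"), Rule("ext0", 80, "pass")]

if __name__ == "__main__":
    # Same two rdr rules, different order, different redirect target.
    print(translate(RDR_GENERAL_FIRST, "ext0", 80))
    print(translate(RDR_SPECIFIC_FIRST, "ext0", 80))
    # Same two filter rules, different order, different verdict.
    print(filter_packet(FILTER_RULES, "ext0", 80))
    print(filter_packet(list(reversed(FILTER_RULES)), "ext0", 80))
```

In this model a general rdr rule placed first shadows every specific rule after it, while a general filter rule placed last overrides every specific rule before it.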
