On Mar 31, 2008, at 8:53 PM, Jon Radel wrote:
Christopher Sean Hilton wrote:
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal interface to DMZ
de2 - No IP interface to DMZ
de3 - No IP interface to wireless
bridge0 (de3 <-> de2)
It works a little better. I'm able to screen packets going to my own
network. But packets that come in on the wifi interface that are
destined for the internet are getting natted before they go out onto the
DMZ via de2. This causes them to be rejected when they again appear on
de1 for having an invalid source address.
I'm really not understanding how packets pass through the filter. I
would expect that packets wouldn't be natted until they appeared as an
outbound packet on de0.
Any help...
Thanks again
-- Chris
You haven't shared any NAT statements from your config; rather hard to
guess what you might, or might not, be doing.
There's only the one:
nat on $ext_if from $internal_net to any -> ($ext_if)
--
Chris Hilton chris-at-vindaloo-dot-com
------------------------------------------------------------------------
"All I was doing was trying to get home from work!"
-- Rosa Parks
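For reference, here is a complete pf.conf for the four-interface layout Chris describes (de0 external, de1 routed DMZ leg, de2/de3 bridged with no addresses). This is an added example, not Chris's configuration from the thread; the addresses, macro names and the choice of `set skip` for the bridge members are assumptions. The point it shows is which interfaces a packet traverses and where translation can happen: a `nat on $ext_if` rule only rewrites packets leaving the interface it names, while a bridged frame crosses the filter on de3 (in), de2 (out), and again on de1 (in) and de0 (out) once it has been routed back.

```conf
# Added example pf.conf for FreeBSD pf with an if_bridge(4) member pair.
# Not from the original thread; interface roles follow the post, the
# subnet and rule set are assumptions.

ext_if     = "de0"            # external, towards the Internet
dmz_if     = "de1"            # routed interface with an address on the DMZ
bridge_ifs = "{ de2 de3 }"    # bridge0 members, no IP addresses
internal_net = "10.0.0.0/24"  # assumed DMZ/wireless subnet behind de1

# Bridge members still pass through pf when the FreeBSD default
# net.link.bridge.pfil_member=1 is in effect. Skipping them means a
# wireless frame is only inspected once it reaches de1 as routed traffic.
# Replace this with explicit "pass on $bridge_ifs" rules if you want to
# screen wireless hosts from the DMZ at layer 2.
set skip on $bridge_ifs
set skip on lo0

# Translation is tied to the named interface: this rule acts only on
# packets going out de0, never on frames leaving de2 into the DMZ.
nat on $ext_if from $internal_net to any -> ($ext_if)

block log all

# Internal hosts (wired DMZ and bridged wireless alike arrive here via de1)
# may go anywhere; state created here is matched on the way back.
pass in on $dmz_if inet from $internal_net to any keep state

# Outbound on the external side; the nat rule above rewrites the source
# as the packet leaves de0.
pass out on $ext_if inet keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and confirm the bridge filtering knobs with `sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge`: if either is set to 1, traffic on de2/de3 and on bridge0 is evaluated by the rule set and must be covered by a `set skip` or an explicit pass. Anything that reaches de1 with a source outside `$internal_net` is not matched by the `nat` rule and would leave de0 untranslated, so the macro has to cover the wireless addresses as well as the wired DMZ.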