Andres,

I think the best way to understand it is to draw it out. Let's say you have 2 interfaces, em0 and em1.

Think of this (rough example of a really simple router setup):

Traffic > em1 > em0 > internet

Like this:

Traffic > (heading into em1) em1 (heading out of em1) (heading into em0) > em0 (heading out of em0) > internet

Does that make sense? Or you can think of it as a room with two doors, entry and exit; you can lock none/either/both of them if you want.

J

On Tue, Jul 28, 2009 at 4:19 PM, Jason Dixon <ja...@dixongroup.net> wrote:
> On Tue, Jul 28, 2009 at 06:10:26PM -0500, Andres Salazar wrote:
> > Hello Jason,
> >
> > Thank you for assisting me getting this together..
> >
> > I do understand that translation happens before filtering (at least
> > think I do), what I don't understand is why the filtering is done with
> > "pass in" if traffic is actually going from within the int_if2 network
> > to the outside? Where is the traffic actually going "in"?
>
> PF filtering is done from the "perspective" of the firewall. If you
> imagine yourself as an inanimate object with a couple interfaces
> allowing traffic inbound and outbound, you're there. ;)
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net/
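
A simplified model of the two checkpoints discussed in this thread, added here as an example and not part of the original messages: a forwarded packet is evaluated once "in" on the interface it arrives on and once "out" on the interface it leaves by. The `Rule` class, the helper names and the rulesets are constructed for illustration, and the model assumes last-match-wins with a default of pass, ignoring `quick`, state and NAT.

```python
# Simplified model of per-interface, per-direction filtering (added example).
# Assumptions: last matching rule wins, default is pass, no "quick", no state, no NAT.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str      # "pass" or "block"
    direction: str   # "in" or "out", from the firewall's perspective
    iface: str       # interface the rule is bound to


def evaluate(rules, direction, iface):
    """Verdict at one checkpoint: the last matching rule wins."""
    verdict = "pass"  # implicit default when no rule matches
    for r in rules:
        if r.direction == direction and r.iface == iface:
            verdict = r.action
    return verdict


def forward(rules, ingress, egress):
    """Trace a forwarded packet through both checkpoints; stop at the first block."""
    trace = []
    for direction, iface in (("in", ingress), ("out", egress)):
        verdict = evaluate(rules, direction, iface)
        trace.append((direction, iface, verdict))
        if verdict == "block":
            break
    return trace


def delivered(rules, ingress, egress):
    """True only if the packet passed both the entry and the exit door."""
    trace = forward(rules, ingress, egress)
    return len(trace) == 2 and trace[-1][2] == "pass"


# Constructed rulesets: block everything, then unlock one or both "doors".
DENY_ALL = [Rule("block", d, i) for i in ("em1", "em0") for d in ("in", "out")]
ENTRY_ONLY = DENY_ALL + [Rule("pass", "in", "em1")]
EXIT_ONLY = DENY_ALL + [Rule("pass", "out", "em0")]
BOTH_DOORS = DENY_ALL + [Rule("pass", "in", "em1"), Rule("pass", "out", "em0")]

if __name__ == "__main__":
    for name, rs in (("entry only", ENTRY_ONLY), ("exit only", EXIT_ONLY), ("both", BOTH_DOORS)):
        print(name, forward(rs, "em1", "em0"))
```

Because the model keeps no state, the reverse path (arriving on em0, leaving on em1) is judged by its own "in on em0" and "out on em1" checkpoints and is dropped under `BOTH_DOORS`.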