On Thu, May 06, 2010 at 11:55:58AM -0700, Jeff Powell wrote:
> All this works just fine until I try to put another server on the public net.
> When I point that server's gateway at the public IP of the router ($IntIF),
> it's blocked by the NAT. I understand that this is NAT doing its job by
> blocking packets it doesn't know about, but what do I do about a gateway for
> the DMZ net hosts? I don't want to use the ISP's gateway, I'd rather use the
> router.
This would be useless: the return traffic still flows "directly" from the ISP router to your bridged hosts. pf can filter on a bridge. Just do it that way.
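The setup the reply points at, written out as an added example (not from either poster): the DMZ hosts sit on a bridge member interface, keep the ISP router as their default gateway, and pf filters the bridged traffic on the router box. Interface names (em0 towards the ISP router, em1 towards the DMZ hosts, bridge0), the DMZ addresses (taken from the 203.0.113.0/24 documentation range) and the allowed services are all assumptions for illustration. The bridge itself is created by /etc/hostname.bridge0 containing the lines `add em0`, `add em1` and `up`, with /etc/hostname.em1 holding just `up` (no address), so the DMZ-side member carries no IP of its own.

```pf
# Assumed interface names and addresses; adjust to the real box.
ext_if    = "em0"                              # bridge member facing the ISP router
dmz_if    = "em1"                              # bridge member facing the bridged DMZ hosts
dmz_hosts = "{ 203.0.113.10, 203.0.113.11 }"   # public addresses of the DMZ hosts (assumed)

# pf sees a bridged packet on both member interfaces. Skipping the DMZ-side
# member means each flow is inspected once, on $ext_if, and gets one state.
set skip on { lo0 $dmz_if }

# Default deny; everything that is not explicitly allowed is logged and dropped.
block log all

# DMZ hosts may originate connections towards the ISP router / internet.
# Replies match the state created here, so no "in" rule is needed for them.
pass out on $ext_if inet from $dmz_hosts

# Only the published services are reachable from outside.
pass in on $ext_if inet proto tcp to $dmz_hosts port { 80, 443 }
pass in on $ext_if inet proto icmp to $dmz_hosts icmp-type echoreq

# pf does not filter ARP, so the DMZ hosts can still resolve the ISP router's
# MAC address through the bridge even though the default policy is block.
```

Because the rules are written `inet`, IPv6 traffic falls under `block log all`; add matching `inet6` rules if the DMZ hosts need it. Load with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`.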