On Thu, May 06, 2010 at 11:55:58AM -0700, Jeff Powell wrote:
> All this works just fine until I try to put another server on the public net.
> When I point that server's gateway at the public IP of the router ($IntIF),
> it's blocked by the NAT.  I understand that this is NAT doing its job by
> blocking packets it doesn't know about, but what do I do about a gateway for
> the DMZ net hosts?  I don't want to use the ISP's gateway, I'd rather use the
> router.

This would be useless, the return traffic still flows "directly" from
the isp router to your bridged hosts.

pf can filter on a bridge. Just do it that way.

Reply via email to