On 2007/09/21 16:10, Ilya A. Kovalenko wrote:
>
> block in inet from 192.168.0.1 to 192.168.114.31
> pass in inet from 192.168.114.31 to 192.168.0.1 flags S/SA keep state
> (does not work - neither pings nor TCP)

Here, you only pass the *inbound* packets; you also must pass the
outbound packets on the opposite interface.

> Preferred version, because it does not affect queueing

I think you'll find the complication comes from queueing. It's only
done on the outbound interface, so one way to handle this is to tag
the incoming packets, then you can pass the outbound packets on
different queues depending on the tags.
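
The tag-then-queue approach described in the reply, as an added pf.conf sketch that is not part of the original message. It assumes 192.168.0.1 is reached through a second interface, uses ALTQ-era syntax, and the interface names, queue names, bandwidth figures and tag name are all assumptions.

```conf
# Added example, not from the original thread.
# Assumed: interface names, queue names, bandwidths and the tag name.

if_114 = "em1"   # assumed: interface facing 192.168.114.31
if_0   = "em0"   # assumed: interface facing 192.168.0.1

# Queueing is defined on the interface the packets leave through.
altq on $if_0 cbq bandwidth 100Mb queue { q_default, q_host31 }
queue q_default bandwidth 80% cbq(default)
queue q_host31  bandwidth 20%

# Rule from the quoted post: no new connections from 192.168.0.1.
block in inet from 192.168.0.1 to 192.168.114.31

# Inbound side: pass the packets where they enter and tag them.
pass in on $if_114 inet from 192.168.114.31 to 192.168.0.1 \
    flags S/SA keep state tag FROM_HOST31

# Outbound side: pass the same packets where they leave, choosing
# the queue by tag instead of repeating the address match.
pass out on $if_0 tagged FROM_HOST31 keep state queue q_host31
```

Replies from 192.168.0.1 are matched by the states these two rules create, so the `block in` rule only stops connections that 192.168.0.1 initiates.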