I'm using OpenBSD 3.6-snap and pf as an "invisible" bridge.

The bridge is fxp0<->fxp1
xl0 is configured to be an "admin interface"
fxp1 and xl0 are connected to the inner switch where the other hosts are.

The bridge works fine. pf filters fine.

But I have two questions:

1. Why can't I ssh directly from the outside to the "admin interface"?
   I have no pf rules to disallow it. I thought my packets would be
   bridged and then picked up by the admin interface. ssh:ing to
   84.240.56.18 and from there to 84.240.56.17 works fine.
   Even with pfctl -d it doesn't work to ssh externally directly to
   84.240.56.17.

2. Why can't I do redirects? (I've used rdr before in combination with
   NAT, and there it works)

   I try to do it like this:

     rdr on fxp0 inet proto tcp from any to 84.240.56.19 port 25 -> 84.240.56.18

   but smtp-traffic to 84.240.56.19 is not redirected.

   Is there maybe a rdr-trick with bridges?


"additional info":

$ cat /etc/bridgename.bridge0
add fxp0
add fxp1
-learn fxp0
up
$ cat /etc/hostname.fxp0
up
$ cat /etc/hostname.fxp1
up
$ cat /etc/hostname.xl0
up
inet 84.240.56.17 255.255.255.240 NONE
