
pf with ethernet bridge and one ip

I have problems with pf on an OpenBSD 3.3-stable ethernet bridge.
My setup:
(lan_A)-----( if_A: noIP )-|bridge|-( if_B: ip_B )----(lan_B)
On the bridge box I run ssh and transparent squid.
Problem with pf:
IP datagram from (lan_A) to ip_B
First appearance of the IP datagram within pf is: IN if_B (!)
The IP datagram comes in an ethernet frame with dst MAC for if_A and
can only arrive on if_A due to cabling.
Inside pf I can't decide if the IP datagram has arrived on if_A or if_B.
The IP datagram is *not* being transmitted over the bridge.
Filtering IP for traffic that runs over the bridge works 100%.
It would be great if I could write pf rules depending on the interface the
IP datagrams arrive on, as MAC and IP addresses are spoofable ;)
Any help would be great, the problem may be not pf but something else.
BTW: I love pf, great work guys :)