Re: pf with ethernet bridge and one ip
On Thursday, Sep 11, 2003, at 16:40 US/Pacific, Torsten wrote:
> I have problems with pf on an OpenBSD 3.3-stable ethernet bridge.
> (lan_A)-----( if_A: noIP )-|bridge|-( if_B: ip_B )----(lan_B)
> IP datagram from (lan_A) to ip_B
> First appearance of the IP datagram within pf is: IN if_B (!)
> IP comes in an ethernet frame with dst MAC for if_A and can only arrive
> on if_A due to cabling.

Why would the destination MAC be for if_A? Normal ARP should respond
with if_B's MAC over the bridge.

> Inside pf I can't decide if the IP datagram has arrived on if_A or if_B.
> It would be great if I can write pf rules depending on the interface
> the IP datagrams arrive on, as MAC and IP addresses are spoofable ;)

The bridge causes an internal transit to the interface matching the
destination MAC address prior to filtering and upper-layer processing.
I don't know of a way around this.