
Re: Still no answer on my bridge question



[In a message on Thu, 07 Apr 2005 12:58:22 +1200,
  Russell Fulton wrote:]
>Hi,
>	Earlier I posted a note here asking about the order of processing
>incoming packets on a bridge with pf. I would really like to know if
>there is something wrong with our setup or if this is expected
>behaviour.
>
>I am seeing packets being dropped by pf that should not traverse the
>bridge at all (i.e. packets between hosts that are on the same side of
>the bridge).  After a little thought I came to the conclusion that this
>is quite plausible since the filtering is taking place on the interface
>closest to the affected hosts and the packets are hitting pf before they
>get to the bridging logic.

What do you mean "packets being dropped by pf that should not traverse
the bridge at all"?  Some clarity would help here.
Are you saying:

(host 1, host 2) <--------> (int_1 OBSD Box int_2) <---------> (other hosts)

And that packets from host 1 to host 2 (and vice versa) are showing as
being dropped on int_2?  If so, outbound?  By a block rule?
Topology and a pf.conf file will get you more help. . .

>I want to know if this conclusion is correct or do I have a problem that
>should be investigated.
>
>BTW I have also spent some time looking for docs that describe exact
>order of processing of packets but could not find anything useful.
Try the list archives.  This came over the list on March 17:
http://mniam.net/pf/pf.png
Sean