[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Still no answer on my bridge question



Thanks Sean!
On Wed, 2005-04-06 at 19:36 -0700, Sean Kamath wrote:
> [In a message on Thu, 07 Apr 2005 12:58:22 +1200,
>   Russell Fulton wrote:]
> >Hi,
> >	Earlier I posted a note here asking about the order of processing
> >incoming packets on a bridge with pf. I would really like to know if
> >there is something wrong with our set up or if this is expected
> >behaviour.
> >
> >I am seeing packets being dropped by pf that should not traverse the
> >bridge at all (i.e. packets between hosts that are on the same side of
> >the bridge).  After a little thought I came to the conclusion that this
> >is quite plausible since the filtering is taking place on the interface
> >closest to the affected hosts and the packets are hitting pf before they
> >get to the bridging logic.
> 
> What do you mean "packets being dropped by pf that should not traverse
> the bridge at all"?  Some clarity would help here.
> 
the addresses of the packets being dropped are both on the same side of
the bridge and therefore the packets should not traverse the bridge.
host 1                  host2
  |                       |  |                       |  +---------+-------------+
	    |            |         bridge
            |            |------------+--------------------
rest of network
I am seeing packets between host1 and host2 being dropped on the bridge,
filtering is taking place on the interface closest to host1 and host2.
Russell

Attachment: smime.p7s
Description: S/MIME cryptographic signature