On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,

Just a follow-up. I figured that I might have better luck with this
configuration.

de0 - External interface to Internet
de1 - Internal interface to DMZ
de2 - No IP interface to DMZ
de3 - No IP interface to wireless
bridge0 (de3 <-> de2)

It works a little better. I'm able to screen packets going to my own
network. But packets that come in on the wifi interface that are
destined for the internet are getting natted before they go out onto
the DMZ via de2. This causes them to be rejected when they again
appear on de1 for having an invalid source address.

I'm really not understanding how packets pass through the filter. I
would expect that packets wouldn't be natted until they appeared as an
outbound packet on de0.

Any help...

Thanks again

-- Chris