From owner-freebsd-questions@FreeBSD.ORG  Tue Mar  8 12:50:04 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 87A7216A4CE
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Mar 2005 12:50:04 +0000 (GMT)
Received: from shadow.wixb.com (shadow.wixb.com [65.43.82.173])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A352E43D2D
	for <freebsd-questions@freebsd.org>;
	Tue,  8 Mar 2005 12:50:00 +0000 (GMT)
	(envelope-from jbronson@wixb.com)
Received: from dakota.wixb.com (shadow.wixb.com [10.43.82.173])
	by shadow.wixb.com (8.13.3/8.13.3) with ESMTP id j28CnxRT009274
	for <freebsd-questions@freebsd.org>;
	Tue, 8 Mar 2005 06:50:00 -0600 (CST)
Organization: Aurora Health Care, Milwaukee WI USA
Message-Id: <6.2.0.14.2.20050308064913.00b190b0@localhost>
Date: Tue, 08 Mar 2005 06:49:24 -0600
To: freebsd-questions@freebsd.org
From: "J.D. Bronson" <jbronson@wixb.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject: pf question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Mar 2005 12:50:04 -0000

First my ifconfig -A:

# ifconfig -A
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         address: xxxxxxxxxxxx
         media: Ethernet autoselect (100baseTX full-duplex)
         status: active
         inet 192.168.82.1 netmask 0xffffff00 broadcast 192.168.82.255
         inet 192.168.82.2 netmask 0xffffffff broadcast 192.168.82.2


I use a rule in the firewall such as this:
# macros
int_if = "bge0"

pass in on $int_if from $int_if:network to any modulate state
pass out on $int_if from any to $int_if:network modulate state


This expands to:
pass in on bge0 inet from 192.168.82.0/24 to any modulate state
pass in on bge0 inet from 192.168.82.2 to any modulate state
pass out on bge0 inet from any to 192.168.82.0/24 modulate state
pass out on bge0 inet from any to 192.168.82.2 modulate state

..Why does it pick the alias IP on the nic and not the actual IP?
Is this intended by design?




-- 
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd@aurora.org // Pager: 414.314.8282