Justin Robertson wrote: > > Splitting the task into a transparent filtering bridge > with a separate routing box appears to clear it up entirely. how does that differ from using mac level ipfw? i.e. turning on filtering at the NIC (layer 2). (have you tried doing that?)