On 12/19/06 7:53 AM, "Tobias Nygren" <tnn+nbsd@nygren.pp.se> wrote:

> I've used a setup similar to this.

Excellent.

> There is one caveat on startup though. Because ifconfig -C
> returns bridge before vlan, you can't configure bridges with
> vlan ports in the normal way. In other words,
> /etc/ifconfig.bridge0 will be configured before /etc/ifconfig.vlan0.
> 

This isn't a problem -- something I had already gleaned from my recon.  Thie
list ends up being long though.

> NAT works as expected, but you'll still nat between two of
> the vlan ports. The bridge stuff is transparent unless you explicitly
> configure it otherwise.
> 

I can cope with this.  I thought I might catch a break as the bridge info
dances around the support for ipfilter but doesn't address NAT.

> For my application I needed a custom mac adresses on my NAT
> port. To get this you can add a tap0 interface to the bridge.
> 

This is good info,  thank you!