Since 4.7's big NAT re-write, NAT rules are no longer separate from other rules, and rules that come after NAT see the NAT redirect IP, not the original source IP. (hxxp://marc.info/?l=openbsd-misc&m=125181847818600&w=2) (sorry for the hxxp, this is my second post haha)
Have you tried tagging the wifi packets and explicitly dropping those tagged packets on the internal interface?
Last edited by rocket357; 6th August 2010 at 03:48 PM.
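A pf.conf sketch of the tagging approach suggested in the post above, as an added example that is not part of the original post. The interface names, macros and the tag name WIFI are assumptions chosen for illustration.

```pf
# pf.conf sketch for OpenBSD 4.7 or later.
# Interface names, macros and the tag name are assumptions.
ext_if  = "em0"    # uplink
int_if  = "em1"    # wired internal LAN
wifi_if = "ral0"   # wireless segment

set skip on lo
block log all

# Tag everything arriving from the wireless segment. The tag stays with
# the packet for the rest of rule evaluation, whatever nat-to later does
# to its source address.
match in on $wifi_if tag WIFI

# Translation is an ordinary rule action now; rules below this line see
# the translated source address on matching packets.
match out on $ext_if inet from !($ext_if:network) nat-to ($ext_if)

# Filter on the tag instead of on a source address.
block out quick on $int_if tagged WIFI

pass in on $wifi_if
pass in on $int_if
pass out on $ext_if
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.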