Hello,

I hope I can avoid trial and error this way ;-) I have two firewall systems
with carp enabled (running obsd 4.3). These gateways have two internet
connections (dsl 6000 and symmetric 4000 provided by a router with an
/29 transport net).
The symmetric line should be used for vpn and for mail and http(s) if
the dsl line is not available.
I tried to google about this topic, but I didn't find much that was helpful.
Someone mentioned http://marc.info/?l=openbsd-misc&m=120665186412690&w=2
yesterday. Looks like a good starting point because the pf.conf manpage
doesn't say much about route-to and reply-to syntax.

Every connection should find its way back the same way (same route, using
the ip-address the SYN came to).

Does someone have a link for me how to set the correct routes and
pf-rules? The symmetric line should be set as default route with a
higher metric but the source ip should be the carp ip if used. I think
my biggest problem is carp, because I don't know how to set up pf
correctly with carp in use. As you know pf uses the physical interface,
not the virtual interface, so I think I have to define the source ip,
too?

I hope someone understands my English ;-) and can give me some links /
documentation / examples ...

Thanks and regards
  Hagen Volpers
