The reply-to is not working when it is used with synproxy.

The scenario is described below: gw-isp1 and gw-isp2 are the IPs of the ISP 1 and ISP 2 gateways:

/etc/pf.conf
------------------------------------
if_isp1="ed0"
if_isp2="ed1"
if_internal="ed2"
route1="( ed0 gw-isp1 )"
route2="( ed1 gw-isp2 )"

rdr on $if_isp1 proto tcp to port 25 -> 192.168.0.2 port 25
rdr on $if_isp2 proto tcp to port 25 -> 192.168.0.2 port 25

block in log all
pass in quick on $if_isp1 reply-to $route1 proto tcp to 192.168.0.2 port 25 synproxy state
pass in quick on $if_isp2 reply-to $route2 proto tcp to 192.168.0.2 port 25 synproxy state
pass out quick on $if_internal to 192.168.0.2 port 25 keep state
--------
The default route is the ISP1 gateway.
--------

The problem is that even with pf feeding the route, the reply packet obeys the route imposed by the system default route. Ex: a SYN packet comes in on the ISP2 interface and goes out via ISP1, resulting in communication failure.

When I use keep state instead of synproxy state, the communication goes as expected.

-- 
Aristeu Gil Alves Jr
_______________________________________________
freebsd-pf mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
