On 2021/02/28 11:46, Rachel Roch wrote:
> Thank you all for the suggestions, I am currently testing a few of them.
>
> In case it makes any difference, the underlying problem I have is I have two
> firewalls with BGP upstreams, one acting as primary, one as standby. So the
> problem I am seeing is the age-old problem of asymmetric traffic to the
> secondary firewall meaning pkg_add on the secondary doesn't work.

You can't just get two sessions from your upstreams so they can both be
active rather than one in standby?

> I guess I could med/localpref tweak the secondary to push traffic via the
> primary. But then I still have the problem of determining return path for
> the traffic (given inherent overlapping of IP ranges on the boxes).
>
> 26 Feb 2021, 15:34 by [email protected]:
>
> > On 2021-02-26, Daniel Jakots <[email protected]> wrote:
> >
> >> On Fri, 26 Feb 2021 11:53:40 +0100 (CET), Rachel Roch
> >> <[email protected]> wrote:
> >>
> >>> Let's say I'm running "pkg_add -u" on an OpenBSD-based router with
> >>> multiple interfaces.
> >>>
> >>> What determines the source IP?
> >>>
> >>
> >> On -current there is
> >> route [-T rtable] sourceaddr [-inet|-inet6] [address]
> >> route [-T rtable] sourceaddr [-inet|-inet6] -ifp interface
> >>
> >
> > Use with care though, this can be a footgun (especially if you are
> > connecting from there to other local machines with "strict host model").
> >
> > If you want something more targeted then nat-to is one option.
> >
>

