Robert Zajda wrote:
On 5/25/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
Bambero wrote:
> I don't need load balance, or nat. I just need two accessible from
> internet interfaces.
>
> When the request goes to first interface it should back via first
> interface.
> When the request goes to second interface it should back via second
> interface.
>
check out the reply-to keyword in the pf.conf manpage.
cheers,
jake
Hmm ... I'm trying but it won't work for me.
ifconfig re0 xx.xx.xx.xx netmask xn.xn.xn.xn
ifconfig re1 yy.yy.yy.yy netmask yn.yn.yn.yn
route delete default # for sure
/etc/pf.conf:
set skip on lo
scrub in
block in quick inet6 all
pass in quick on re0 reply-to ( re0 xg.xg.xg.xg )
pass in quick on re1 reply-to ( re1 yg.yg.yg.yg )
... and still nothing
What may be wrong?
here's what works for me on 4.0-release:
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \
from any to $gw1_ip icmp-type echoreq keep state
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \
from any to $host2 keep state
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
from any to $gw1_ip port $services flags S/SA modulate state
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
from any to $host2 port $services flags S/SA modulate state
maybe you're not keeping state, depends on what version of openbsd
you're running. there was a default keep state change in 4.1.
cheers,
jake
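
An added example, not part of any message in this thread: a complete two-uplink pf.conf in the rule syntax used above, with keep state written out on every reply-to rule, because reply-to only acts on packets that match a state entry. The gateway addresses, the services list and the use of ($ext_if) as the destination are assumptions.

```conf
# Added example, not from the thread. Macro names follow the thread;
# all addresses are constructed placeholders from documentation ranges.
ext_if1  = "re0"
ext_gw1  = "192.0.2.1"        # next hop reachable through re0 (placeholder)
ext_if2  = "re1"
ext_gw2  = "198.51.100.1"     # next hop reachable through re1 (placeholder)
services = "{ 22, 80 }"       # assumed list of published TCP ports

set skip on lo
scrub in

# Default deny inbound, so only the stateful rules below admit traffic.
block in all
block in quick inet6 all

# reply-to is recorded in the state entry that the inbound packet creates.
# Replies matching that state are sent out the named interface via the
# named gateway, whatever the routing table says. Without "keep state"
# (or "modulate state") no state entry exists and reply-to does nothing.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) inet proto tcp \
    from any to ($ext_if1) port $services flags S/SA keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) inet proto tcp \
    from any to ($ext_if2) port $services flags S/SA keep state

# Echo requests get the same treatment so each uplink can be pinged.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) inet proto icmp \
    from any to ($ext_if1) icmp-type echoreq keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) inet proto icmp \
    from any to ($ext_if2) icmp-type echoreq keep state

# Connections the host opens itself follow the routing table.
pass out keep state
```

Parse the file with `pfctl -nf /etc/pf.conf` before loading it, and use `pfctl -ss` to confirm that a state entry appears when a connection arrives on either interface.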