On 5/25/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
Robert Zajda wrote: > On 5/25/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote: >> Bambero wrote: >> > I don't need load balance, or nat. I just need two accessible from >> > internet interfaces. >> > >> > When the request goes to first interface it should back via first >> > interface. >> > When the request goes to second interface it should back via second >> > interface. >> > >> >> check out the reply-to keyword in the pf.conf manpage. >> >> cheers, >> jake >> > > Hmm ... I'm trying but it won't works for me. > > ifconfig re0 xx.xx.xx.xx netmask xn.xn.xn.xn > ifconfig re1 yy.yy.yy.yy netmask yn.yn.yn.yn > > route delete defult # for sure > > /etc/pf.conf: > set skip on lo > scrub in > > block in quick inet6 all > > pass in quick on re0 reply-to ( re0 xg.xg.xg.xg ) > pass in quick on re1 reply-to ( re1 yg.yg.yg.yg ) > > ... and still nothing > > What may be wrong ? >here's what works for me on 4.0-release: pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \ from any to $gw1_ip icmp-type echoreq keep state pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \ from any to $host2 keep state pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \ from any to $gw1_ip port $services flags S/SA modulate state pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \ from any to $host2 port $services flags S/SA modulate state
Hmm, I can guess $ext_if1 and $ext_gw1, $host2 is probably an IP of $ext_if1, but what is $gw1_ip is not obvious for me ...
