On Sun, Jan 20, 2008 at 03:48:16PM +1100, Sunnz wrote:
> pass out on pppoe1 route-to (pppoe0 pppoe0:peer) \
>     from any to pppoe0

I don't think that will work. Anyone trying to reach pppoe0 will not get
routed out on pppoe1.

> pass in on pppoe1 route-to (pppoe0 pppoe0:peer) \
>     from any to pppoe0

You should never receive packets to pppoe0 on pppoe1 or your ISP is doing
funny things.

Try:

    pass in on pppoe0 reply-to (pppoe0 pppoe0:peer) from any to pppoe0

and:

    pass in on pppoe1 reply-to (pppoe1 pppoe1:peer) from any to pppoe1

Then you also need to handle outgoing traffic:

    pass route-to (pppoe0 pppoe0:peer)

or something similar (do not try load-balancing before you get the rest of
it working).

In this situation route-to will not help you with *incoming* connections.
They are already routed by your isp. It is the replies (reply-to) and
outgoing connections (route-to) that you need to statefully route to the
correct interface using PF.

Anyway, I have a very hard time writing correct rulesets with route-to /
reply-to, so hopefully someone more experienced can comment / beat me with
a clue stick.

-- 
Jussi Peltola

