Giancarlo Razzolini wrote: > > Yep, you need a reply-to rule. I'll not write one here, but basically, > you do the rdr rule for incoming traffic as you normally would. But in > the pass rule, you say that this rule will reply-to, to the isp2. If you > do not make a reply-to rule, the requests get to server correctly, but > when the firewall forward them, it will forward them to the default > gateway set on it, which, in your case, is isp1. If you have trouble > making the rules, i can help you write. This time i'm (almost) just > lurking the list. > > My regards, > > -- > Giancarlo Razzolini > Linux User 172199 > Red Hat Certified Engineer no:804006389722501 > Moleque Sem Conteudo Numero #002 > Slackware Current > OpenBSD Stable > Ubuntu 7.04 Feisty Fawn > Snike Tecnologia em Informatica > 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 > > [demime 1.01d removed an attachment of type application/pgp-signature > which had a name of signature.asc] >
Hello, I need some help. At the present situation: ------------------------------------------------------------------- 1.) Workstations on LAN net (172.16.0.0/24) must reach Internet through ISP1 (172.16.0.X --> 172.16.0.254 --> 192.168.0.10 --> 192.168.0.1 --> ISP1). DONE!! ------------------------------------------------------------------- 2.) Servers on DMZ net (172.31.0.0/24) must reach Internet through ISP2 (172.31.0.X --> 172.31.0.254 --> 80.25.145.194 --> 80.25.145.193 --> ISP2). DONE!! by: pass in quick on $dmz_if from $dmz_net to $lan_net pass in quick on $dmz_if route-to ($isp2_if $isp2_gw) \ from $dmz_net to !$lan_net ------------------------------------------------------------------- 3.) Web server on DMZ net must be reachable from Internet through ISP2 (ISP2 --> 80.25.145.194 --> 172.31.0.254 --> 172.31.0.21). DONE!! by: rdr on $ips_if proto tcp \ from any to $isp2_if port http -> $srv_web_001 port http ------------------------------------------------------------------- 4.) Responses to incoming Web server (DMZ net) must be reply through ISP2 (172.31.0.21 --> 172.31.0.254 --> 80.25.145.194 --> 80.25.145.193 --> ISP2). ERROR!! Packages are send back through ISP1 (bge0). Can anyone help me with the missing rule? Please. Thanks in advance. -- View this message in context: http://www.nabble.com/select-outgoing-route-depending-on-souce-interface-%28net%29-tp15863445p15879537.html Sent from the openbsd user - misc mailing list archive at Nabble.com.