I found myself in a similar situation and just set all icmp to go out a 
single interface:

pass in on $int_if route-to { ($dsl_2_if $dsl_2_gw) } proto { icmp } from any to any keep state



And for incoming connections for ssh that go to a given interface I added 
these:

pass in quick on $dsl_1_if reply-to ($dsl_1_if $dsl_1_gw) proto tcp


Of course, my setup is different because I have certain protocol/host groups 
mapped to given interfaces... but I hope this can help a little.

------------------------
On Thursday 20 March 2008 12:44:24 pm you wrote:
> I am trying to implement load balancing using two ISPs, with the explanation from
> http://www.openbsd.org/faq/pf/pools.html
> Everything works well (except ftp), but I see with tcpdump packets that
> are outgoing on $ext_if1 from $ext_if2 and vice versa. Generally these are
> icmp requests.
> I don't understand why this is happening, because I have the last two rules (from
> the web explanation) that prevent this situation.
> Even if I try to log packets for these rules, I don't see any packets.
> To be more clear, the rules that prevent packets from going out on the wrong
> interface are:
>
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
>
> Still, with these rules, I see with tcpdump packets that are outgoing on the wrong
> interface.
> Where is the problem?
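
As an added example (not part of the thread): a small Python check for the symptom described in the quoted question, packets leaving one uplink with the other uplink's source address, run over tcpdump -n lines captured per interface. The interface addresses and the sample lines are constructed, using documentation address ranges.

```python
import ipaddress
import re

# Assumed addressing (constructed, not from the thread): the local address
# that should appear as source on each uplink interface.
UPLINKS = {
    "ext_if1": ipaddress.ip_address("192.0.2.10"),
    "ext_if2": ipaddress.ip_address("198.51.100.10"),
}

# "src > dst: summary" in tcpdump -n output, with or without the "IP " prefix
# and with or without a trailing ".port" on each address.
LINE_RE = re.compile(
    r"^\S+ (?:IP )?(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (.*)$"
)

def misrouted(captures):
    """captures maps interface name -> tcpdump -n lines seen on that interface.
    Returns (seen_on, belongs_to, src, dst, summary) for each packet whose
    source address is the address of a different uplink."""
    owner = {addr: ifname for ifname, addr in UPLINKS.items()}
    findings = []
    for ifname, lines in captures.items():
        for line in lines:
            m = LINE_RE.match(line.strip())
            if not m:
                continue  # not an IPv4 packet line
            src = ipaddress.ip_address(m.group(1))
            src_if = owner.get(src)  # None for remote (inbound) sources
            if src_if is not None and src_if != ifname:
                findings.append((ifname, src_if, str(src), m.group(2), m.group(3)))
    return findings

# Constructed sample capture, one list per interface.
SAMPLE = {
    "ext_if1": [
        "12:44:24.101 192.0.2.10.40112 > 203.0.113.7.80: S 1:1(0) win 16384",
        "12:44:24.350 198.51.100.10 > 203.0.113.9: icmp: echo request",
        "12:44:24.410 203.0.113.7.80 > 192.0.2.10.40112: S 9:9(0) ack 2 win 5840",
    ],
    "ext_if2": [
        "12:44:25.020 IP 198.51.100.10.51515 > 203.0.113.7.22: Flags [S], seq 1",
        "12:44:25.300 IP 192.0.2.10 > 203.0.113.9: ICMP echo request, id 7, seq 1",
    ],
}

if __name__ == "__main__":
    for seen_on, belongs_to, src, dst, summary in misrouted(SAMPLE):
        print(f"{src} -> {dst} left on {seen_on}, expected {belongs_to}: {summary}")
```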
