Is the use of both "route-to" and "divert-packet" in the same PF rule supported?
I have two rules of the form:
pass out log quick on $ext_if1 inet from $internal_lan to any flags S/SA \
keep state scrub (reassemble tcp) route-to ( $ext_if1 $ext_if1_gw ) \
nat-to ( $ext_if1:0 ) divert-packet port 500
pass out log quick on $ext_if2 inet from $internal_lan to any flags S/SA \
keep state scrub (reassemble tcp) route-to ( $ext_if2 $ext_if2_gw ) \
nat-to ( $ext_if2:0 ) divert-packet port 500
The behavior seems the same if I leave out the "route-to" statements:
packets going out
over the wrong interface more than half the time.
OpenBSD 4.7/i386
# dmesg | head -3
OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) M processor 1.50GHz ("GenuineIntel"
686-class) 1.50 GHz
