Thanks for the reply, Daniel!

> AFAIK, it should work.

Good to have that confirmed, thanks!

> Can you ping $isp1_gw and $isp2_gw and arp -sn is showing two
> different entries for them?

>From the firewall machine, yes, but not from machines on
the internal network.

> What is the problem? All packets always go to $isp1_gw's MAC?

Seems packets just disappear. Might be that the return
packets don't make it back - will have to set up a
separate test system, as I can't fiddle with the
firewall during daytime.

> Are you using multiple clients on $int_net? 


> Have you tried adding "keep state(soure-track global)" and
> "set timeout source-track" and checked with pfctl -sS?

No, hadn't thought about that. Thanks - will have to try.


