the simplified ruleset looks like this (if1, if2 - external,
if3 - external):
nat on $if1 inet from $int_net to any -> ($if1)
nat on $if2 inet from $int_net to any -> ($if2)
rdr on $if1 inet proto udp \
from any to $if1_addr port 53 -> $int_dns port 53
pass in quick on $if1 reply-to ($if1 $if1_gw) inet proto udp \
from any to $int_dns port 53 keep state
pass out quick on $if1 inet proto {icmp,udp,tcp} \
from $int_net to any flags S/SA keep state
pass out quick on $if2 inet proto {icmp,udp,tcp} \
from $int_net to any flags S/SA keep state
pass in quick on $if3 inet from $int_net to any
pass out quick on $if3 inet from any to $int_net
block in all
block out all
the default route is via if2. as you can see, the point is
to symmetrically route inbound dns traffic via if1.
but strange things happen: i see the incoming packet on if1,
state creation, the outgoing packet on if3, the dns reply incoming
on if3, and... nothing else, no outgoing packet on either
if1 or if2.
if i add some rule like
pass in quick on $if3 route-to ($if1 $if1_gw) inet \
from $int_net to any
things go back to normal, but this is not exactly what i want :(
thanks for help. i am on 3.3-stable from 20030628.
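Added example, not part of the original post: a pf.conf fragment that keeps the poster's ruleset but narrows the route-to workaround so that only the DNS server's replies (udp source port 53 from $int_dns) are forced back out via if1, while everything else from $int_net still follows the default route via if2. The macros $if1, $if2, $if3, $if1_gw, $int_net and $int_dns are taken from the post; the assumption is that forcing only the DNS replies, rather than all internal traffic, is what the poster actually wants.

```pf
# NAT internal clients on both external links (from the original post)
nat on $if1 inet from $int_net to any -> ($if1)
nat on $if2 inet from $int_net to any -> ($if2)

# Redirect inbound DNS arriving on if1 to the internal DNS server
rdr on $if1 inet proto udp \
    from any to $if1_addr port 53 -> $int_dns port 53

# Inbound DNS on if1: remember to send replies back out via if1's gateway
pass in quick on $if1 reply-to ($if1 $if1_gw) inet proto udp \
    from any to $int_dns port 53 keep state

# Assumed narrowing of the poster's workaround: only DNS replies leaving
# the internal DNS server are policy-routed out via if1.  Placed before
# the general $if3 rule because both are "quick".
pass in quick on $if3 route-to ($if1 $if1_gw) inet proto udp \
    from $int_dns port 53 to any

# Everything else from the internal net uses the default route (if2)
pass out quick on $if1 inet proto {icmp,udp,tcp} \
    from $int_net to any flags S/SA keep state
pass out quick on $if2 inet proto {icmp,udp,tcp} \
    from $int_net to any flags S/SA keep state
pass in quick on $if3 inet from $int_net to any
pass out quick on $if3 inet from any to $int_net
block in all
block out all
```

To check which path a reply actually takes, run `pfctl -ss` to confirm a state exists for the client's query and watch `tcpdump -ni $if1 udp and port 53` alongside `tcpdump -ni $if3` while querying the public address of if1 from outside.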