On Sat, 2004-08-07 at 02:38, Reza Muhammad wrote:
> ash-2.05b# pfctl -s rules
> scrub in all fragment reassemble
> block drop log all
> pass in on xl0 route-to { (rl0 202.x.x.1), (rl1
> 202.x.x.169) } round-robin inet proto tcp from
> 172.16.0.0/16 to any flags S/SA modulate state
> pass in on xl0 route-to { (rl0 202.x.x.1), (rl1
> 202.x.x.169) } round-robin inet proto udp from
> 172.16.0.0/16 to any keep state
> pass in on xl0 route-to { (rl0 202.x.x.1), (rl1
> 202.x.x.169) } round-robin inet proto icmp from
> 172.16.0.0/16 to any keep state

this may be a stupid question, but do you have rl0 and rl1 configured to
be on the same subnet?  i.e., is the prefix length of 202.x.x.0 a /24? 
if so--that's your problem.  either subnet that network down so that rl0
& rl0's gw are on one subnet, and rl1 & rl1's gw are on a different
subnet (i.e. 202.x.x.0/25 and 202.x.x.128/25).  another possibility
would be to leave everything on the same subnet, and bridge rl0 and rl1
together and just assign one IP address to the bridge interface.

-j

=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
PLEASE DON'T SMOKE HERE! Penalty: An early, lingering death from cancer,
emphysema, or other smoking-caused ailment.
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
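
The same-subnet condition this reply asks about, and the /25 split it proposes, can be checked mechanically. The sketch below is an added example and not part of the original message; 203.0.113.0/24 is a constructed stand-in for the elided 202.x.x network (the gateway last octets .1 and .169 are kept from the quoted rules), the interface addresses .2 and .170 are assumed, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample: ifname -> (interface address/prefix, route-to gateway).
# 203.0.113.0/24 stands in for the elided 202.x.x network.
UPLINKS = {
    "rl0": ("203.0.113.2/24", "203.0.113.1"),
    "rl1": ("203.0.113.170/24", "203.0.113.169"),
}

def find_shared_subnets(uplinks):
    """Return (if_a, if_b, network) for each pair of uplinks whose connected
    networks overlap, which is the condition the reply asks about."""
    nets = {n: ipaddress.ip_interface(c).network for n, (c, _) in uplinks.items()}
    return [(a, b, min(nets[a], nets[b], key=lambda n: n.prefixlen))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def usable(ip, net):
    """True if ip is a host address in net (not network or broadcast)."""
    return net.network_address < ip < net.broadcast_address

def split_in_half(uplinks, shared):
    """Halve `shared` and put each uplink in the half holding both its address
    and its gateway. Return {ifname: network}, or None if halving cannot
    separate the uplinks."""
    halves = list(shared.subnets(prefixlen_diff=1))
    plan = {}
    for name, (cidr, gw) in uplinks.items():
        addr = ipaddress.ip_interface(cidr).ip
        gateway = ipaddress.ip_address(gw)
        home = [h for h in halves if usable(addr, h) and usable(gateway, h)]
        if not home:
            return None          # address and gateway straddle the split
        plan[name] = home[0]
    if len(set(plan.values())) < len(plan):
        return None              # two uplinks would still share a half
    return plan

if __name__ == "__main__":
    for a, b, net in find_shared_subnets(UPLINKS):
        print(f"{a} and {b} are both on {net}")
        plan = split_in_half(UPLINKS, net)
        for name, half in sorted((plan or {}).items()):
            print(f"  {name}: renumber to {half}")
```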
