>Down rule will work if your default gateway is on $ext_if
>pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) from any to any port www keep state probability 50%
It doesn't work either. I didn't debug it, but it seems packets going out
from ext_if2 are coming back to ext_if 1 too.
The default gw is on ext_if.
>Can you give ifconfig output and /etc/mygate? Also try using pfctl -vsr
>and look what's going on on $ext_if and $ext_if2. What is the last matched rule
>etc..
mygate points to the IP of the router attached to ext_if.
ifconfig -a output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:e0:81:61:bc:cd
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
	inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::2e0:81ff:fe61:bccd%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:e0:81:61:bc:cc
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
	inet 192.168.3.1 netmask 0xfffffff8 broadcast 192.168.3.255
	inet6 fe80::2e0:81ff:fe61:bccc%em1 prefixlen 64 scopeid 0x2
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:50:fc:42:fb:21
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
	inet6 fe80::250:fcff:fe42:fb21%rl0 prefixlen 64 scopeid 0x3
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:0e:0c:76:d8:67
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
	inet6 fe80::20e:cff:fe76:d867%em2 prefixlen 64 scopeid 0x4
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
pfsync0: flags=0<> mtu 2020
enc0: flags=0<> mtu 1536
>Cheers
>Tihomir Koychev