Hi,

Since all interfaces have 192.168.x.x IPs, are you sure what the IPs and netmasks of your routers are? If your routers have a different netmask than yours. Please use pfctl -vsr and see what rules are evaluated. Use pftop from ports to debug connections.

Cheers
Tihomir

--- Jose Mejia <[EMAIL PROTECTED]> wrote:

> >Down rule will work if your default gateway is on $ext_if
> >pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) from any to any port www keep state probability 50%
>
> It doesn't work either, I didn't debug it, but it seems packets going out
> from ext_if2 are coming back to ext_if 1 too
> The default gw is on ext_if
>
> >Can you give ifconfig output and /etc/mygate. Also try using pfctl -vsr
> >and look at what's going on on $ext_if and $ext_if2. What is the last matched
> >rule etc..
>
> mygate points to the IP of the router attached to ext_if
>
> ifconfig -a output :
>
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
>         inet 127.0.0.1 netmask 0xff000000
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
> em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:e0:81:61:bc:cd
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
>         inet6 fe80::2e0:81ff:fe61:bccd%em0 prefixlen 64 scopeid 0x1
> em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:e0:81:61:bc:cc
>         media: Ethernet autoselect (1000baseT full-duplex)
>         status: active
>         inet 192.168.3.1 netmask 0xfffffff8 broadcast 192.168.3.255
>         inet6 fe80::2e0:81ff:fe61:bccc%em1 prefixlen 64 scopeid 0x2
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:50:fc:42:fb:21
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::250:fcff:fe42:fb21%rl0 prefixlen 64 scopeid 0x3
> em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         address: 00:0e:0c:76:d8:67
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
>         inet6 fe80::20e:cff:fe76:d867%em2 prefixlen 64 scopeid 0x4
> pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
> pfsync0: flags=0<> mtu 2020
> enc0: flags=0<> mtu 1536
>
> >Cheers
> >Tihomir Koychev
> >
> > www.BetStrikes.com - Football predictions
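
The netmask question raised in the reply can be checked mechanically. The following is an added example, not part of the original messages: it parses the inet lines of the quoted ifconfig output, reports interfaces whose broadcast address does not match the netmask, and tests whether a candidate gateway is on-link. The gateway addresses used in it are constructed, since the thread does not give the routers' IPs.

```python
import ipaddress
import re

# Sample input: interface and inet lines taken from the quoted ifconfig -a output.
IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.3.1 netmask 0xfffffff8 broadcast 192.168.3.255
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
"""

IFACE = re.compile(r"^(\w+): flags=")
INET = re.compile(r"\binet (\S+) netmask (0x[0-9a-fA-F]+)(?: broadcast (\S+))?")

def parse_ifconfig(text):
    """Return {ifname: (IPv4Interface, configured broadcast or None)}."""
    out, name = {}, None
    for line in text.splitlines():
        head, inet = IFACE.match(line), INET.search(line)
        if head:
            name = head.group(1)
        elif inet and name:
            # ifconfig prints the netmask in hex; convert to dotted quad.
            mask = ipaddress.IPv4Address(int(inet.group(2), 16))
            iface = ipaddress.IPv4Interface(f"{inet.group(1)}/{mask}")
            bcast = ipaddress.IPv4Address(inet.group(3)) if inet.group(3) else None
            out[name] = (iface, bcast)
    return out

def broadcast_mismatches(ifaces):
    """Map ifname -> (configured, implied) where the broadcast disagrees with the mask."""
    return {n: (str(b), str(i.network.broadcast_address))
            for n, (i, b) in ifaces.items()
            if b is not None and b != i.network.broadcast_address}

def on_link(ifaces, ifname, gateway):
    """True if gateway is a usable host address inside ifname's subnet."""
    iface, _ = ifaces[ifname]
    gw, net = ipaddress.IPv4Address(gateway), iface.network
    return (gw in net and gw != iface.ip
            and gw not in (net.network_address, net.broadcast_address))

if __name__ == "__main__":
    ifaces = parse_ifconfig(IFCONFIG)
    print("broadcast mismatches:", broadcast_mismatches(ifaces))
    # Constructed gateway candidates; the thread does not state the routers' IPs.
    for gw in ("192.168.3.2", "192.168.3.254"):
        print("em1 gateway", gw, "on-link:", on_link(ifaces, "em1", gw))
```

On the quoted output this flags em1, whose 0xfffffff8 mask covers only 192.168.3.0 through 192.168.3.7 while the interface shows a broadcast of 192.168.3.255.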
