Try

pass out on rl0 route-to ne1:123.123.123.7 from 123.123.123.123 to any keep state

You're route-to'ing the reply packets which will have a source address of the
mail server.

Cheers,
Adrian.

-----Original Message-----
From: Matijs [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, 14 August 2002 7:07 AM
To: [EMAIL PROTECTED]
Subject: Re: 2 gateways, route-to probs.


I tried:

pass out on rl0 route-to ne1:123.123.123.7 from any to 123.123.123.123 keep state

but it didn't work.

Your assumption was correct, the default route is through rl0. Maybe with
some more information that comes to mind.

It's not possible to run a mailserver on the 234.234.234.234 ip address
since port 25 is blocked on that network. I have however, always been
running a mailserver on the 123.123.123.123 ip address (which was the
interface with the default route before I got my second internet gateway). I
would still like to do that, while all of my surfing goes out
234.234.234.234 since that is the ip address with the biggest bandwidth.

Problem now is that, from the outside, nobody can connect to 123.123.123.123
because replies get sent out through the default route, which is through
rl0, with a different ip address.

Does this help?

Grts.

Matijs
----- Original Message -----
From: "Daniel Hartmeier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, August 13, 2002 10:50 PM
Subject: Re: 2 gateways, route-to probs.


> On Tue, Aug 13, 2002 at 10:25:19PM +0200, Matijs wrote:
>
> > pass out on ne1 route-to ne1:123.123.123.7 from any to 123.123.123.123 keep state
> >
> > ... but this doesn't work. Pings to 123.123.123.123 get 'replied' to through
> > the rl0 (234.234.234.234) interface.
>
> I assume your default route is through rl0. The problem is that the 
> above rule does only apply to packets that go out through ne1, which 
> the packets in question don't (due to the default route).
>
> Try
>
>   pass out on rl0 route-to ne1:123.123.123.7 ...
>
> instead.
>
> Daniel
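
Added example, not part of the thread and not pf code: a simplified Python model of the matching the posters describe (the routing table picks the outgoing interface first, then only "out on" rules for that interface are checked against the packet's source and destination). The client address 198.51.100.10 and all function and class names are constructed for illustration; state tracking and `quick` are not modelled.

```python
from dataclasses import dataclass

MAIL_IP = "123.123.123.123"   # address on ne1, from the thread
NE1_GW = "123.123.123.7"      # ne1 next hop, from the thread

@dataclass(frozen=True)
class Rule:
    iface: str        # "pass out on <iface>"
    src: str          # "from <src>" ("any" matches everything)
    dst: str          # "to <dst>"
    route_to: tuple   # (interface, next hop)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

def egress(pkt, rules, default_iface="rl0"):
    """Return (interface, next_hop) the packet leaves by in this model."""
    # The default route (via rl0) selects the interface first; an
    # "out on X" rule is only evaluated for packets leaving through X.
    for r in reversed(rules):  # pf semantics: last matching rule wins
        if (r.iface == default_iface
                and r.src in ("any", pkt.src)
                and r.dst in ("any", pkt.dst)):
            return r.route_to
    return (default_iface, None)  # None = the default route's own gateway

# Constructed sample: the mail server's reply to an outside client.
REPLY = Packet(src=MAIL_IP, dst="198.51.100.10")

RULES = {
    # out on ne1, to the mail IP: wrong interface for a default-routed reply
    "first": Rule("ne1", "any", MAIL_IP, ("ne1", NE1_GW)),
    # out on rl0, but still "to" the mail IP: the reply is *from* it
    "second": Rule("rl0", "any", MAIL_IP, ("ne1", NE1_GW)),
    # out on rl0, from the mail IP: matches the reply packet
    "suggested": Rule("rl0", MAIL_IP, "any", ("ne1", NE1_GW)),
}

def outcome(name):
    """Egress of the sample reply when only the named rule is loaded."""
    return egress(REPLY, [RULES[name]])

if __name__ == "__main__":
    for name in RULES:
        print(f"{name:9s} -> {outcome(name)}")
```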
