On 5/25/07, Robert Zajda <[EMAIL PROTECTED]> wrote:
On 5/25/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
> Robert Zajda wrote:
> > On 5/25/07, Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:
> >> Bambero wrote:
> >> > I don't need load balance, or nat. I just need two accessible from
> >> > internet interfaces.
> >> >
> >> > When the request goes to first interface it should back via first
> >> > interface.
> >> > When the request goes to second interface it should back via second
> >> > interface.
> >> >
> >>
> >> check out the reply-to keyword in the pf.conf manpage.
> >>
> >> cheers,
> >> jake
> >>
> >
> > Hmm ... I'm trying but it won't works for me.
> >
> > ifconfig re0 xx.xx.xx.xx netmask xn.xn.xn.xn
> > ifconfig re1 yy.yy.yy.yy netmask yn.yn.yn.yn
> >
> > route delete defult # for sure
> >
> > /etc/pf.conf:
> > set skip on lo
> > scrub in
> >
> > block in quick inet6 all
> >
> > pass in quick on re0 reply-to ( re0 xg.xg.xg.xg )
> > pass in quick on re1 reply-to ( re1 yg.yg.yg.yg )
> >
> > ... and still nothing
> >
> > What may be wrong ?
> >
>
> here's what works for me on 4.0-release:
>
> pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \
> from any to $gw1_ip icmp-type echoreq keep state
>
> pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto icmp \
> from any to $host2 keep state
>
> pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
> from any to $gw1_ip port $services flags S/SA modulate state
> pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp \
> from any to $host2 port $services flags S/SA modulate state
>
Hmm, I can guess $ext_if1 and $ext_gw1, $host2 is probably an IP of $ext_if1,
but what is $gw1_ip is not obvious for me ...
Ok, I found solution. Thanks for help.
