On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke <torsten.fi...@igh-essen.com> wrote:

> On my firewall I have TWO different internet connections. It is simple to
> forward - for instance ssh - from both connections to an internal machine.
> Now this machine answers and the firewall sends the reply back. How can I
> force the firewall to send the reply over exactly that interface the
> request came in? The problem is that the client anywhere on the internet
> expects the answer from the very address it had contacted. If now the
> reply comes from another address, it will get lost.

I am doing this using OpenBSD 4.6, without any apparent problems, using the
following syntax:

  pass in log quick on $pri inet proto tcp to ($pri) port 1194
  pass in log quick on $sec reply-to $sec inet proto tcp to ($sec) port 1194

Unfortunately, the pf.conf syntax has changed since v4.6 and while I do plan
to upgrade my own firewall to v5.0 (I've bought the CD already) I haven't yet
had time to perform the upgrade. As a result, I haven't worked out what the
equivalent 'modern' syntax would be, but you might be able to get some hints
from what I'm using in v4.6.

-ken
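For reference, here is a pf.conf fragment in the OpenBSD 4.7/5.x syntax for the dual-WAN forward Torsten describes. This is an added example, not Ken's configuration or anything from the OpenBSD manuals; the interface names, gateway addresses and internal host are assumed placeholders. In this syntax the rdr translation moved into the pass rule as `rdr-to`, and `reply-to` takes the interface together with the next-hop gateway in parentheses.

```pf
# Added example (not from the original post). Interface names, gateway
# addresses and the internal host below are constructed placeholders.
pri    = "em0"            # primary ISP link
sec    = "em1"            # secondary ISP link
int_if = "em2"            # LAN side
pri_gw = "198.51.100.1"   # next hop on the primary link
sec_gw = "203.0.113.1"    # next hop on the secondary link
sshd   = "192.168.1.10"   # internal machine receiving forwarded SSH

set skip on lo

# Default deny inbound; log what gets dropped so mistakes are visible.
block in log

# Let the firewall itself and the LAN talk outward as usual.
pass out quick

# Forward SSH that arrives on either external address to the internal host.
# reply-to pins the return path of each state to the link the request came
# in on, so the answer leaves from the address the client actually contacted
# regardless of which link holds the default route.
pass in log quick on $pri reply-to ($pri $pri_gw) \
    inet proto tcp to ($pri) port 22 rdr-to $sshd
pass in log quick on $sec reply-to ($sec $sec_gw) \
    inet proto tcp to ($sec) port 22 rdr-to $sshd
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; the parentheses around `($pri)` and `($sec)` make pf track the interface addresses dynamically, which matters when an ISP hands out addresses via DHCP.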