marko.cu...@mimar.rs (Marko Cupać), 2015.09.07 (Mon) 17:56 (CEST):
> I have OpenBSD firewall which talks BGP to 2 upstream ISPs.
> bge0 - DMZ
> em0 - ISP1
> em1 - ISP2
>
> 80% of Internet routes are through ISP1, including the one from my home.
>
> I can ssh to em0 from home without problems - packets are being
> returned through the same interface (em0). However, I can't ssh to em1,
> I guess because packets are being returned through the other interface
> (em0). I am not sure if packets are being blocked by PF or something
> else causes the problem.

pf.conf(5), reply-to

    The reply-to option is similar to route-to, but routes packets that
    pass in the opposite direction (replies) to the specified interface.
    Opposite direction is only defined in the context of a state entry,
    and reply-to is useful only in rules that create state. It can be
    used on systems with multiple external connections to route all
    outgoing packets of a connection through the interface the incoming
    connection arrived through (symmetric routing enforcement).

Bye, Marcus
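
A pf.conf fragment applying reply-to to the setup in the question, added here as an example and not taken from the thread. The interface names come from the question; the ISP2 next-hop address is a constructed placeholder, and the macro names are hypothetical.

```conf
# Added example, not from the thread.
# em1 is the ISP2-facing interface from the question; 198.51.100.1 is a
# constructed placeholder for the ISP2 next hop (replace with the real one).
isp2_if = "em1"
isp2_gw = "198.51.100.1"

# Without reply-to: the rule creates state, but replies are sent according
# to the routing table and can leave through em0 (ISP1) instead of em1.
# pass in on $isp2_if inet proto tcp to ($isp2_if) port ssh

# With reply-to: replies belonging to states created by this rule are sent
# back out em1 via the ISP2 gateway (symmetric routing enforcement).
# The rule must create state, which "pass" does by default.
pass in on $isp2_if inet proto tcp to ($isp2_if) port ssh \
    reply-to ($isp2_if $isp2_gw)

# Assumption: the "(interface address)" form above matches pf.conf(5) of the
# release in use. Newer OpenBSD releases take only the next-hop address:
# pass in on $isp2_if inet proto tcp to ($isp2_if) port ssh reply-to $isp2_gw

# Parse-check the ruleset without loading it:  pfctl -nf /etc/pf.conf
```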