Hello,

I'm using OBSD 5.7 as a firewall with carp and pfsync, plus IPsec VPN used with sasyncd.

I have two Internet interfaces: one is the default route (em1), the other is for legacy traffic (em2). I also have a DMZ/LANs interface (em0).

Outgoing traffic from the LANs (arriving on em0) to the Internet works perfectly, whether it takes em1 or em2 (depending on static routes or pf rules with route-to). Incoming traffic from the Internet that arrives on em1 to the LANs (through em0) is also OK.

But there is a problem with the incoming traffic from the Internet when it arrives on em2. For example, from a host on the Internet, when I ping the external IP (local or CARP) of the em1 interface, ICMP echo request packets arrive on em2 (correct). But echo replies take the em1 interface, with the source IP of em2 (not correct).

I tried to use the if-bound in pf.conf, but nothing changes.

How could I resolve this routing problem?

Thanks for your help.

-- 
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne