dontek <don...@gmail.com> wrote:
> In rewriting the ruleset I've
> had no problems with connectivity with the exception of getting an SSH
> connection to the firewall to work on either of the two external
> interfaces.
[...]
> pass log quick on $EXT_IF_1 inet proto tcp from any to ($EXT_IF_1) port ssh keep state
> pass log quick on $EXT_IF_2 inet proto tcp from any to ($EXT_IF_2) port ssh keep state

Use reply-to for your ssh rules:

pass log quick on $EXT_IF_1 inet proto tcp from any to ($EXT_IF_1) port ssh keep state reply-to ($EXT_IF_1 $EXT_GATE_1)

(And for the 2nd one, too)

Devin