I think you need to specify the gateway. On a host I set up that uses DSL (pppoe(4) so the gw is 0.0.0.1):
pass out on $ext_if1 from $ext_if2 to any route-to ($ext_if2 0.0.0.1) pass out on $ext_if2 from $ext_if1 to any route-to ($ext_if1 0.0.0.1) I don't know if your omission of 'to any' affects it, but it could also be matching a packet further down the list. I'd stick the route-to at the very bottom of your ruleset, or if you group them by direction/interface, at the bottom of the pass out on external interfaces and see if that helps? Tom
