Thanks for your suggestion. I already have ipfilter configured on this machine, so I could quickly test if the "to" keyword could help. This is what happens. If I just permit access to a port on the new IP, and permit outgoing traffic from that new IP, a snoop on the device shows the incoming connection and also shows the machine is trying to reply with the new IP source address. But as I said, the kernel routing moves the packet to the wrong router.
Then I tried to use the "to" keyword like this:

    pass out quick on rtls1 to rtls1:<newrouter> from <newip> to any

What happens now is that the snoop command shows the incoming connection only. No reply packet is seen. This suggests to me that ipfilter is trying to do something, but the reply seems to die.

So I had a doubt: consider that my two public IPs are on a single physical network card, configured through virtual IP (ifconfig rtls1 and ifconfig rtls1:1). Maybe ipfilter does something strange because of the unique device? Maybe I'd need to use another physical network card?
