On Mon, 7 Mar 2005 22:07:52 +0100, Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
>
> No, pf route-to always overrides the routing table. You can use route-to
> on a 'pass in' rule. In this case, pf alone routes the packet, and the
> routing table is completely bypassed (never consulted). Or you can use
> route-to on a 'pass out' rule. An incoming packet first goes to the
> stack, then, and the stack consults the routing table to see where to
> forward it to. If a 'pass out route-to' rule catches the packet when it
> tries to go out through that interface, pf re-routes the packet onto the
> final interface. Either way, a matching pf route-to wins over the
> routing table.
>

Thank you Dany so much for the clarification.

So is it possible to avoid the "/etc/mygate" file by specifying "route-to" to all rules?

My question comes from the frustration that I have configured my PF firewall with 3 NICs:

1) to LAN switch
2) to DSL internet connection
3) to cable modem internet connection (gets IP by dhcp)

/etc/mygate has the gateway of the DSL connection.

On some days the firewall loses all route after working for an hour or so. Rebooting the firewall helps, but again the firewall loses route (even to the LAN) after some time.

Thank you so much once again.

Kind regards,
Siju
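
The two placements of route-to described in the quoted reply, as an added pf.conf fragment that is not part of the original thread. Interface names, addresses and the choice of web traffic are constructed for illustration (documentation address ranges), and the syntax is the interface-and-gateway form used by pf at the time of this thread; later OpenBSD releases changed the route-to argument, so check pf.conf(5) for the version in use.

```conf
# Hypothetical macros: replace with the real interfaces and next hops.
lan_if    = "fxp0"            # NIC 1: LAN switch
dsl_if    = "fxp1"            # NIC 2: DSL link (default route from /etc/mygate)
cable_if  = "fxp2"            # NIC 3: cable modem (address via DHCP)
lan_net   = "10.0.0.0/24"     # constructed LAN prefix
cable_gw  = "198.51.100.1"    # constructed next hop on the cable link

# Case 1: route-to on a 'pass in' rule.
# pf itself forwards matching LAN packets to the cable gateway;
# the kernel routing table is never consulted for them.
pass in on $lan_if route-to ($cable_if $cable_gw) \
    proto tcp from $lan_net to any port 80 keep state

# Other LAN traffic has no route-to, so the stack forwards it
# according to the routing table (the DSL default gateway).
pass in on $lan_if from $lan_net to any keep state

# Case 2: route-to on a 'pass out' rule.
# The stack has already picked the DSL interface from the routing
# table; if the packet carries the cable interface's source address,
# pf re-routes it onto the cable link as it tries to leave via DSL.
pass out on $dsl_if route-to ($cable_if $cable_gw) \
    from $cable_if to any keep state

# Ordinary outbound rules for each uplink.
pass out on $dsl_if   from $dsl_if   to any keep state
pass out on $cable_if from $cable_if to any keep state
```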