Bernd Bednarz wrote:
I got two connections to the internet and want to use one as my gateway
for everything and the other for requests from the outside. Let's have a
look at my example, which explains what I want to do.
--snap---
 84.158.5.xx(ip1)     84.158.161.xx(ip2)
 217.0.116.xx(gw1)    217.0.116.xx(gw2)
     --------             --------
     |$dsl1 |             |$dsl2 |
     --------             --------
          \                /
           \              /
            \            /
          -tun0--tun1--       pass in on $dsl1 replay-to ($dsl1 $gw1)\
          |           |           from any to any
          |  router   |       pass out on $dsl2 route-to ($dsl1 $gw1)\
          |           |           from $ip1 to any
          ----em0------       pass in on $dsl2 replay-to ($dsl2 $gw2)\
              /                   from any to any
             /                pass out on $dsl1 route-to ($dsl2 $gw2)\
            /                     from $ip2 to any
       ----em0---
       | webapp |
       ----------
man pf.conf, read the snippet about "reply-to" (not replay-to). It
mentions something you're missing...
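
An added example, not part of the thread and not either poster's code: the ruleset from the diagram with the keyword spelled reply-to and with state created on every rule, since pf.conf(5) describes reply-to as defined only in the context of a state entry. It assumes that state creation is the missing piece the reply hints at, that $dsl1/$dsl2 are tun0/tun1 as drawn, and it uses constructed documentation addresses in place of the elided ones; on pf versions where pass rules keep state by default, the explicit keyword is redundant.

```conf
# Added example. Addresses are constructed (RFC 5737 documentation
# ranges) and stand in for the elided ip1/gw1/ip2/gw2 in the post.
dsl1 = "tun0"
dsl2 = "tun1"
ip1  = "192.0.2.10"
gw1  = "192.0.2.1"
ip2  = "198.51.100.10"
gw2  = "198.51.100.1"

# Without state (keyword corrected, otherwise as posted): there is no
# state entry, so no "opposite direction" exists for reply-to to act on
# and replies follow the default route.
#   pass in on $dsl1 reply-to ($dsl1 $gw1) from any to any

# With state: replies to a connection leave through the uplink it
# arrived on, regardless of the default route.
pass in on $dsl1 reply-to ($dsl1 $gw1) from any to any keep state
pass in on $dsl2 reply-to ($dsl2 $gw2) from any to any keep state

# Router-originated packets whose source address belongs to the other
# uplink are redirected to the uplink that owns that address.
pass out on $dsl2 route-to ($dsl1 $gw1) from $ip1 to any keep state
pass out on $dsl1 route-to ($dsl2 $gw2) from $ip2 to any keep state
```

Loading the file with `pfctl -nf` parses it without applying it, and `pfctl -ss` lists the state entries once traffic arrives on both uplinks.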