Hi All,

I am adding a second ISP/OpenBSD firewall to our network using PF, and
carp to create a virtual gateway IP for the internal network.

My theory is that incoming mail connections, redirected by pf to the
internal mail server, will be replied to in the same direction as their
source, regardless of the mail server's default gateway. So if mail
arrives at gate1, it will be redirected to the mail server. The mail
server will reply to gate1 since that is where the mail connection
appears to have originated from.

The other side of my brain says that the mail server will reply to
incoming mail connections using its default gateway, since the
incoming mail has an external IP in its address. If mail arrives on
gate1, and gate2 is currently the carp master, the mail connection
will be replied to on gate2 instead of gate1. In this case I should
use sendmail on each firewall to complete incoming mail connections
and forward incoming mail to the inside mail server.

My normal plodding approach of experimentation and repetition needs to
speed up a bit to meet deadlines (and careless promises). Could
someone swing their clue stick in my direction and show me the
complete foolishness of my thinking? Is there a door number three that
I am missing, or is one of these doors the correct one?

Gerald
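One way to make replies return through the gateway that received the connection, as an added example that is not from Gerald's post: a pf.conf fragment in the pre-OpenBSD 4.7 rdr/nat syntax that redirects inbound SMTP and also source-NATs it to that gateway's internal address, so the mail server answers the gateway it heard from rather than its default gateway. Interface names and the mail server address are assumed placeholders.

```pf
# pf.conf fragment, OpenBSD 4.6-and-earlier nat/rdr syntax.
# Interface names and the mail server address are constructed placeholders.
ext_if   = "em0"          # this gateway's ISP link
int_if   = "em1"          # internal LAN, where the carp gateway address lives
mail_srv = "192.0.2.10"   # example address for the internal mail server

# Inbound SMTP arriving on this gateway's external address is redirected
# to the internal mail server. rdr rewrites only the destination address,
# so on its own the mail server still sees the remote sender's IP.
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $mail_srv port 25

# Source-NAT the redirected traffic to this gateway's own internal address
# as it leaves towards the mail server. The mail server now sees the
# connection as coming from this gateway and answers it directly, whichever
# gateway currently holds the carp master role.
nat on $int_if proto tcp from any to $mail_srv port 25 -> ($int_if)

# Filter rules see the post-translation addresses. State created on the
# inbound rule matches the replies on their way back out.
pass in  on $ext_if proto tcp from any to $mail_srv port 25 \
    flags S/SA keep state
pass out on $int_if proto tcp from any to $mail_srv port 25 keep state
```

With the nat rule in place the mail server's logs record the gateway's internal address as the SMTP client, not the real sender, so any sender-IP checks or abuse investigation must rely on the gateway's pf logs instead.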
