Hello Mr. Arnaud,

I found the problem. I configured my notebook as a bridge and plugged it between the firewall and the cable modem, then captured packets in the working "old state", with only one ISP, and then with the route-to.

After a long time comparing them, I took a closer look at the MAC addresses of the outgoing packets, and then I saw it. With the route-to option, the outgoing packets had taken the MAC address of the physical interface instead of the carp interface. Therefore I changed my route-to rule from:

    pass in log on $dmz_dev route-to ( $cable_dev $cable_gate ) from $dmz net to any keep state

to:

    pass in log on $dmz_dev route-to ( $cable_if $cable_gate ) from $dmz net to any keep state

where $dmz_dev is the physical external interface, $cable_if is the external carp interface.

Thank you very much.

Kind regards,
Sebastian
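
The capture comparison described in the message above can be automated. The following is an added example, not part of the original message: it reads the source MAC of raw Ethernet II frames and reports non-CARP source MACs that appear only in the second capture. The frames and the MODEM and PHYS addresses are constructed; the only outside fact used is that carp(4) virtual MACs have the form 00:00:5e:00:01:<vhid>.

```python
from collections import Counter

# carp(4) virtual MAC addresses are 00:00:5e:00:01:<vhid>
CARP_PREFIX = bytes.fromhex("00005e0001")

def to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def classify_src(frame):
    """Return (source MAC, vhid) for an Ethernet II frame; vhid is None for a non-CARP MAC."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = frame[6:12]  # bytes 0-5 are the destination, 6-11 the source
    vhid = src[5] if src[:5] == CARP_PREFIX else None
    return ":".join(f"{b:02x}" for b in src), vhid

def source_macs(frames):
    """Count frames per source MAC, skipping truncated frames."""
    counts = Counter()
    for frame in frames:
        try:
            mac, _ = classify_src(frame)
        except ValueError:
            continue
        counts[mac] += 1
    return counts

def new_non_carp_sources(working, broken):
    """Non-CARP source MACs seen in the broken capture but not in the working one."""
    baseline = source_macs(working)
    return sorted(mac for mac in source_macs(broken)
                  if mac not in baseline and not to_bytes(mac).startswith(CARP_PREFIX))

def make_frame(dst, src):
    """Build a constructed IPv4-typed frame with a zeroed payload."""
    return to_bytes(dst) + to_bytes(src) + b"\x08\x00" + b"\x00" * 46

# Constructed sample data (hypothetical addresses, not from the original post).
MODEM = "02:00:00:00:00:fe"
CARP_MAC = "00:00:5e:00:01:01"   # vhid 1
PHYS = "02:00:00:00:00:01"       # physical NIC of the firewall
WORKING = [make_frame(MODEM, CARP_MAC)] * 3
BROKEN = [make_frame(MODEM, CARP_MAC), make_frame(MODEM, PHYS),
          make_frame(MODEM, PHYS), b"\x00" * 5]  # last frame is truncated

if __name__ == "__main__":
    for mac in new_non_carp_sources(WORKING, BROKEN):
        print("outgoing frames now sourced from non-CARP MAC:", mac)
```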
