Two interface route-to problem

Matt MacDonald macdonald.matthew at gmail.com
Mon Feb 7 16:14:36 PST 2005


Thank you for the help.

I was sure that I read in the docs somewhere that you could use
route-to on an outgoing packet as well.  If not, is there any way that
I can route a packet back out tun1 when my default route is tun0?

Thanks,
Matthew MacDonald

On Mon, 7 Feb 2005 10:40:06 -0800, Jon Simola <jsimola at gmail.com> wrote:
> On Mon, 7 Feb 2005 07:15:21 -0500, Matt MacDonald
> <macdonald.matthew at gmail.com> wrote:
> 
> > I've got two PPPoE interfaces to different ISPs.  The default route is
> > to ISP1 but my servers are on the ISP2.  Everything seems to be
> > working fine except for traffic that is destined for ISP2 gets
> > returned on the ISP1 interface.  The docs seem to say that route-to
> > will fix my problem but I can't seem to get it to work.  Hopefully
> > someone on this list will see what I'm doing wrong.
> >
> > Here are the commands that I have tried to get this to work:
> >
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from ($ISP2) \
> >      to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw  ) from ($ISP2) \
> >      to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2:peer ) from $ISP2addr \
> >      to any flags S/SA
> > pass out log quick on $ISP1 route-to ( $ISP2 $ISP2gw ) from $ISP2addr \
> >      to any flags S/SA
> >
> > but none of them seem to work.  I do have a similar line that routes
> > SMTP traffic inbound on the inside interface to ISP2 and that works
> > fine.
> 
> Yes, route-to should be used on the "pass in" side of the ruleset.
> You've got a working SMTP rule for it, and here's an example from one
> of my routers:
> 
> pass in  on vlan107 route-to (vlan700 172.16.0.129) from \
>      vlan107:network to x.x.0.0/16 keep state
> 
> The man page talks about route-to creating state, and I think
> it's much easier to do this on the incoming interface.
>
