Does pfsync work with route-to/reply-to rules?
Alexander Vyrlanovich
iskander at apple-park.kiev.ua
Wed Dec 10 04:31:33 PST 2008
Hello All
I have two firewalls with CARP + pfsync for failover
#uname -mrs:
FreeBSD 7.1-PRERELEASE i386
sources from Nov 24
Three ISPs are connected, default route points to ISP1
I use pf "route-to" option to forward some traffic via ISP2 and ISP3
The problem:
When the backup firewall becomes the master, all packets forwarded via ISP2 and ISP3 which have a state in the state table go to ISP1 (default route) and of course are blocked by pf on the outgoing interface.
Moreover, those packets bypass NAT rules and try to go out as is.
Looks like pfsync loses routing information. Can somebody confirm this?
Alexander Vyrlanovich
System Administrator