Does pfsync work with route-to/reply-to rules?
Alexander Vyrlanovich
iskander at apple-park.kiev.ua
Thu Dec 11 00:10:04 PST 2008
On 10 Dec 2008, at 14:12, Alexander Vyrlanovich wrote:
> Hello All
>
> I have two firewalls with CARP + pfsync for failover
> #uname -mrs:
> FreeBSD 7.1-PRERELEASE i386
> sources from Nov 24
>
> Three ISPs are connected, default route points to ISP1
> I use pf "route-to" option to forward some traffic via ISP2 and ISP3
>
> The problem:
> When backup firewall becomes a master, all packets forwarded via ISP2 and ISP3
> which have a state in state table, go to the ISP1 (default route) and of course
> are blocked by pf on outgoing interface.
> Moreover, those packets bypass nat rules and try to go out as is.
Please ignore my sentence about nat - it was incorrect.
> Looks like pfsync loses routing information. Can somebody confirm this?
Alexander Vyrlanovich
System Administrator