On 6/20/11 8:32 PM, Jerome Herman wrote:
> pass in on nic_a reply-to ($nic_a $gw_a)
> pass in on nic_b reply-to ($nic_b $gw_b)
>
> From what I understand, there are two different ISPs providing access to
> two different interfaces. In this case I am very concerned with all the
> bizarre things that a reply-to might trigger.
> What I mean is that nothing guarantees that a distant address will
> access the box from the same interface every time.

Who cares? The interfaces have different addresses so any traffic that
belongs together will go to only one interface. It's not like machines
out there will alternate packets to two different destination IP
addresses. They might alternate "connections," for a very broad
definition of "connections," but that shouldn't present a problem.

As for the rest, I think you're going waaaaaayyyyy beyond what the OP
described as his problem: Setup two interfaces with different addresses
which make use of different gateways as the addresses belong on
different networks. Allow traffic to go to one address on one network
until DNS glue records are changed and traffic starts going to a second
address on a second network.

I would suspect that he has stateful firewalls and/or anti-spoofing
rules upstream from him that keep him from replying to everything out a
single interface. If it weren't for that, I suspect we wouldn't be
having this discussion.

--Jon Radel
j...@radel.com
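
Added example, not part of the original message or thread: a pf.conf sketch of the two-uplink setup discussed above, with the quoted reply-to rules filled out into complete stateful rules. The interface names, gateway addresses (documentation ranges) and service ports are assumptions.

```conf
# Added example; every concrete value below is an assumption.
nic_a = "em0"              # interface on ISP A's network
nic_b = "em1"              # interface on ISP B's network
gw_a  = "192.0.2.1"        # next hop on ISP A's network
gw_b  = "198.51.100.1"     # next hop on ISP B's network
services = "{ 53, 80 }"    # hypothetical published services

set skip on lo0

# Default deny inbound; locally initiated traffic follows the routing table.
block in all
pass out all keep state

# The state created by the inbound packet records the reply-to route, so
# replies leave through the interface and gateway the request arrived on,
# whatever the default route says. Each reply therefore carries a source
# address that belongs to the uplink it leaves by, which is what upstream
# anti-spoofing filters and stateful firewalls expect to see.
pass in on $nic_a reply-to ($nic_a $gw_a) inet proto { tcp, udp } \
    from any to ($nic_a) port $services keep state
pass in on $nic_b reply-to ($nic_b $gw_b) inet proto { tcp, udp } \
    from any to ($nic_b) port $services keep state
```

The ruleset can be syntax-checked without loading it using `pfctl -nf` followed by the path to the file.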