On Thu, Dec 22, 2011 at 05:43:47PM +0500, Ilya Shipitsin wrote:
> Hello!
>
> I'm running a multihomed server (two servers in a carp cluster).
>
> Say carp5 is the default route and carp2 is another ISP. I want to see
> outgoing packets on the interface they came in. I supposed it could
> be done using the "reply-to" pf keyword.
> However, I'm not sure "reply-to" is running well with carp. Can anyone
> prove such a thing?
>
> I did
>
> set skip on lo
>
> pass in to X.X.X.X reply-to (carp5 X.X.X.N)
> pass in to Y.Y.Y.Y reply-to (carp2 Y.Y.Y.N)
>
>
> pass # to establish keep-state
>
>
> and "pfctl -sa -v" shows zero packets and bytes (but a lot of evaluations)
>
> Cheers,
> Ilya Shipitsin
Yes, I have been using reply-to with carp interfaces.
Your order of rules is wrong. Last matching rule wins.
-Otto
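
The following is an added example, not part of the original thread: a simplified model of pf rule evaluation showing why the posted `reply-to` rules are evaluated but never count a packet, and how reordering or `quick` changes which rule decides. The `Rule`, `evaluate` and `ruleset` names are hypothetical, the model matches only on direction and destination, and the addresses are the placeholders from the quoted message.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    text: str                        # rule as it would appear in pf.conf
    direction: Optional[str] = None  # "in", "out", or None for both
    dst: Optional[str] = None        # destination address, None for any
    quick: bool = False
    evaluations: int = 0             # modelled counters, in the spirit of pfctl -v
    packets: int = 0

    def matches(self, direction, dst):
        return self.direction in (None, direction) and self.dst in (None, dst)

def evaluate(rules, direction, dst):
    """Last matching rule wins; a matching 'quick' rule ends evaluation."""
    winner = None
    for rule in rules:
        rule.evaluations += 1
        if rule.matches(direction, dst):
            winner = rule
            if rule.quick:
                break
    if winner is not None:
        winner.packets += 1          # only the deciding rule counts the packet
    return winner

def ruleset(order, quick=False):
    """Build fresh rules in the given order (assumed model of the posted rules)."""
    q = "quick " if quick else ""
    make = {
        "isp1": lambda: Rule(f"pass in {q}to X.X.X.X reply-to (carp5 X.X.X.N)", "in", "X.X.X.X", quick),
        "isp2": lambda: Rule(f"pass in {q}to Y.Y.Y.Y reply-to (carp2 Y.Y.Y.N)", "in", "Y.Y.Y.Y", quick),
        "any": lambda: Rule("pass"),
    }
    return [make[name]() for name in order]

POSTED = ["isp1", "isp2", "any"]      # order in the quoted message
REORDERED = ["any", "isp1", "isp2"]   # general rule first, specific rules last

if __name__ == "__main__":
    for name, rules in [("posted", ruleset(POSTED)),
                        ("reordered", ruleset(REORDERED)),
                        ("posted + quick", ruleset(POSTED, quick=True))]:
        winner = evaluate(rules, "in", "Y.Y.Y.Y")   # constructed inbound packet
        print(f"{name}: decided by '{winner.text}'")
        for r in rules:
            print(f"    evaluations={r.evaluations} packets={r.packets}  {r.text}")
```

In the posted order the bare `pass` is the last match, so the state is created without `reply-to`; with the general rule first, or with `quick` on the specific rules, the `reply-to` rule decides the packet.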