On 2012-09-13, What you get is Not what you see <wygin...@gmail.com> wrote:
> # Route-to rules for load balancing
>
> pass in on $intif inet proto tcp from $lannet route-to { ($extif1 $gw1),
> ($extif2 $gw2) } round-robin modulate state
> pass in on $intif inet proto udp from $lannet route-to { ($extif1 $gw1),
> ($extif2 $gw2) } round-robin modulate state
> pass in on $intif inet proto icmp from $lannet route-to { ($extif1 $gw1),
> ($extif2 $gw2) } round-robin modulate state

These are the only rules you have which actually direct traffic out of multiple interfaces. The other route-to rules you posted only ensure that traffic goes out of the interface corresponding to the source address. Your rules only apply to *incoming* traffic; you don't have any similar rules for outgoing traffic from the firewall itself, and that is what you'd need to add.