On Fri, Sep 14, 2012 at 11:21 AM, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2012-09-13, What you get is Not what you see <wygin...@gmail.com> wrote:
> > # Route-to rules for load balancing
> >
> > pass in on $intif inet proto tcp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
> > pass in on $intif inet proto udp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
> > pass in on $intif inet proto icmp from $lannet route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state
>
> These are the only rules you have which actually direct traffic out
> of multiple interfaces. The other route-to rules you posted only ensure
> that traffic goes out of the interface corresponding to the source address.
>
> Your rules only apply to *incoming* traffic, you don't have any similar
> rules for outgoing traffic from the firewall itself, that is what you'd
> need to add.

Could you explicitly give the outgoing rules? I didn't understand how to write a rule for the firewall itself. Will it be something like this?

pass out inet proto tcp from self route-to { ($extif1 $gw1), ($extif2 $gw2) } round-robin modulate state