I resolved the problem with the reply-to pf directive. Thanks to P. Lamaiziere.

2015-09-08 12:16 GMT+02:00 jean-yves boisiaud <jean-yves.boisi...@alcor-consulting.fr>:

> Hello,
>
> I'm using OBSD 5.7 as a firewall with carp and pfsync, more ipsec VPN used
> with sasyncd.
>
> I have two Internet interfaces, one is the default route (em1), the other
> is for legacy traffic (em2). I also have a DMZ/LANs interface (em0).
>
> Outgoing traffic from LANs (arriving on em0) to the Internet works
> perfectly, whether it takes em1 or em2 (depending on static routes or pf
> rules with route-to).
>
> Incoming traffic from the Internet that arrives on em1 to the LANs
> (through em0) is also ok.
>
> But there is a problem with the incoming traffic from the Internet when it
> arrives on em2.
>
> For example, from a host on the Internet, when I ping the external IP
> (local or CARP) of the em1 interface, ICMP echo request packets arrive on
> em2 (correct). But echo replies take the em1 interface, with the IP source
> of em2 (not correct).
>
> I tried to use the if-bound in pf.conf, but nothing changes.
>
> How could I resolve this routing problem?
>
> Thanks for your help.
>
> --
> Jean-Yves Boisiaud - Alcor Consulting
> 24, rue de la Glycine
> 49250 Saint Remy la Varenne

--
Jean-Yves Boisiaud - Alcor Consulting
24, rue de la Glycine
49250 Saint Remy la Varenne
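
The thread does not show the ruleset, so the following pf.conf fragment is an added illustration of the reply-to fix in OpenBSD 5.7 syntax, not the poster's configuration. The macro names, the gateway address 192.0.2.1 and the DMZ host 198.51.100.10 are placeholder assumptions.

```pf
# Constructed example, OpenBSD 5.7 pf.conf syntax. Not the poster's ruleset.
# Assumed placeholders: ext_gw2 is the upstream gateway reachable through em2,
# dmz_host is a server behind em0.
ext_if2  = "em2"
ext_gw2  = "192.0.2.1"
dmz_host = "198.51.100.10"

# Before: a plain pass rule creates state, but the reply is still routed by
# the kernel routing table. With the default route on em1, the echo reply
# leaves em1 carrying em2's source address, which is the symptom described
# above. State binding (if-bound) does not change that routing decision.
#
# pass in on $ext_if2 inet proto icmp to ($ext_if2) icmp-type echoreq

# After: reply-to records the return path in the state entry, so replies to
# connections accepted on em2 are sent back out em2 via its own gateway.
pass in on $ext_if2 inet proto icmp to ($ext_if2) icmp-type echoreq \
    reply-to ($ext_if2 $ext_gw2)

# The same option covers forwarded traffic that enters on em2 for a host
# behind em0; the host's replies return through the firewall and out em2.
pass in on $ext_if2 inet proto tcp to $dmz_host port 443 \
    reply-to ($ext_if2 $ext_gw2)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then ping the em2 address from outside while running `tcpdump -ni em1 icmp` and `tcpdump -ni em2 icmp` to confirm the echo replies now leave on em2.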