--- Quoting [EMAIL PROTECTED] on 2006/12/09 at 16:36 -0500:

> I'm in the process of evaluating whether to transition from a DSL line
> over to a cable modem, and until February I'll have both hooked up to
> my OpenBSD 3.8 box, which acts as a mail/web/NAT server.
>
> I've got the new cable modem hooked up, it has an IP, and I can ping
> its gateway...but using that connection to talk to the rest of the
> world is not yet functional. Basically, if I ping the cable modem's IP,
> attempt to SSH to it, etc. from the outside world, the packets come
> into that interface...and then attempt to go out the interface hooked
> to my DSL modem. Since I'm not sure if this is a route table issue or a
> PF issue, I'll give my full config here:

The return traffic is following your default route which points out your DSL line ($ext_if). The ruleset is evaluated but your "pass out on $ext_if" rule specifies flags S/SA so the packet doesn't match.

Read pf.conf(5) and look for the reply-to option. Also the pf faq would probably help you too (http://www.openbsd.org/faq/pf/pools.html).

.joel
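
The reply-to approach suggested above, sketched as a pf.conf fragment. This is an added example, not part of the original thread and not the poster's ruleset: only $ext_if comes from the message, while $cable_if, $cable_gw, the interface names, the gateway address and the port list are assumed placeholders.

```conf
# Added example: macros other than $ext_if are hypothetical placeholders.
ext_if   = "fxp0"        # DSL interface holding the default route (name assumed)
cable_if = "fxp1"        # cable modem interface (name assumed)
cable_gw = "192.0.2.1"   # cable ISP gateway (documentation address, replace)

# Without reply-to: the inbound packet is accepted and state is created,
# but the reply is routed by the kernel routing table, so it leaves via
# the default route on $ext_if with the cable interface's source address.
# pass in on $cable_if inet proto tcp from any to ($cable_if) \
#     port ssh flags S/SA keep state

# With reply-to: replies belonging to the state created by this rule are
# sent back out $cable_if via $cable_gw, regardless of the default route.
# "keep state" is written out because it is not implicit on OpenBSD 3.8.
pass in on $cable_if reply-to ($cable_if $cable_gw) inet proto tcp \
    from any to ($cable_if) port { ssh, smtp, www } flags S/SA keep state

# Same treatment for inbound pings to the cable address.
pass in on $cable_if reply-to ($cable_if $cable_gw) inet proto icmp \
    from any to ($cable_if) icmp-type echoreq keep state
```

The file can be syntax-checked without loading it using pfctl -nf /etc/pf.conf, and running tcpdump on each external interface while connecting from outside shows which interface the replies actually leave on.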