Jon Rubio wrote:
> -------------------------------------------------------------------
> 4.) Responses to incoming Web server (DMZ net) must be replied through ISP2
> (172.31.0.21 --> 172.31.0.254 --> 80.25.145.194 --> 80.25.145.193 -->
> ISP2).
> ERROR!! Packages are sent back through ISP1 (bge0).
>
> Can anyone help me with the missing rule? Please.
>
> Thanks in advance.

Hi,
I was short on time to write the rule that time, but basically, your rdr is right. All you need is to edit your pass rule and add something like this: reply-to ($isp2_iface $isp2_gw). So, your complete rule might look like this:

    pass in on $isp2_iface reply-to ($isp2_iface $isp2_gw) from any to $srv_web_001 port http keep state

Wish you luck,
-- 
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
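
The rule from the reply above, placed in a pf.conf fragment next to the redirect it depends on. This is an added example, not part of the original thread. The addresses are the ones quoted in the question; the interface name `em1`, the macro `isp2_addr` and the explicit `proto tcp` are assumptions made for illustration.

```conf
# Added example (not from the thread). Uses the pre-4.7 pf syntax that the
# reply's separate rdr and pass rules imply.

isp2_iface  = "em1"              # assumption: placeholder name for the ISP2-facing NIC
isp2_addr   = "80.25.145.194"    # firewall address on the ISP2 link (from the thread)
isp2_gw     = "80.25.145.193"    # ISP2 next hop (from the thread)
srv_web_001 = "172.31.0.21"      # web server in the DMZ (from the thread)

# Translation: HTTP arriving on the ISP2 address is redirected to the DMZ server.
rdr on $isp2_iface proto tcp from any to $isp2_addr port http -> $srv_web_001

# Filtering: rdr is applied before filter rules, so the pass rule matches the
# already translated destination. reply-to records (interface, gateway) in the
# state entry, so replies for this connection leave through ISP2 even though
# the routing table's default route points at ISP1 (bge0).
pass in on $isp2_iface reply-to ($isp2_iface $isp2_gw) proto tcp \
    from any to $srv_web_001 port http keep state

# Checks after editing:
#   pfctl -nf /etc/pf.conf    parse the ruleset without loading it
#   pfctl -sr                 confirm the loaded rule shows reply-to
#   tcpdump -ni bge0 host 172.31.0.21 or port 80
#                             should stay silent for connections that came in via ISP2
```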