From owner-freebsd-pf@FreeBSD.ORG  Mon Dec 22 15:23:04 2008
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A107C1065676
	for <freebsd-pf@freebsd.org>; Mon, 22 Dec 2008 15:23:04 +0000 (UTC)
	(envelope-from crt@soup.si)
Received: from mail-bw0-f19.google.com (mail-bw0-f19.google.com
	[209.85.218.19])
	by mx1.freebsd.org (Postfix) with ESMTP id 0CC188FC1C
	for <freebsd-pf@freebsd.org>; Mon, 22 Dec 2008 15:23:03 +0000 (UTC)
	(envelope-from crt@soup.si)
Received: by bwz12 with SMTP id 12so5866011bwz.19
	for <freebsd-pf@freebsd.org>; Mon, 22 Dec 2008 07:23:02 -0800 (PST)
Received: by 10.180.249.4 with SMTP id w4mr2342743bkh.162.1229958179330;
	Mon, 22 Dec 2008 07:02:59 -0800 (PST)
Received: by 10.181.4.4 with HTTP; Mon, 22 Dec 2008 07:02:59 -0800 (PST)
Message-ID: <bedf2520812220702p21bfa1a9wdc658f735f2586f2@mail.gmail.com>
Date: Mon, 22 Dec 2008 16:02:59 +0100
From: "Crt Zerjal" <crt@soup.si>
To: freebsd-pf@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
Subject: reply-to in RELENG_7not working for networks attached to router
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Dec 2008 15:23:04 -0000

hi, this is my config file that worked well on RELENG_6.2

ext_ip1 = "{ x.x.81.190 }"
ext_ip2 = "{ y.y.6.177 }"
gw1 = "{ x.x.81.161 }"
gw2 = "{ y.y.0.1 }"
# NAT
rdr on le0 proto tcp from any to $ext_ip1 port { 80 } -> 192.168.233.1
rdr on le2 proto tcp from any to $ext_ip2 port { 80 } -> 192.168.233.1
# RULES
pass  in  quick  on le0   reply-to ( em0 $gw1 )from any to any keep state
pass  in  quick  on le2 reply-to ( em1 $gw2 )  from any to any keep state

but on RELENG_7 if the ip accessing one of the wans is in the subnet of the
other wan
the response is routed through the wrong interface

-- some ip lets say y.y.15.123 acess the router on x.x.81.190 on port 80
then reaches my web server on 192.168.233.1 and should leave on the same
interface that it came in but it is routed back on the other if