From: Jon Radel
Date: Tue, 21 Jun 2011 08:25:40 -0400
To: freebsd-questions@freebsd.org
Subject: Re: Two Networks on one System

On 6/21/11 6:41 AM, Damien Fleuriot wrote:
>
> On 6/21/11 2:32 AM, Jerome Herman wrote:
>> On 21/06/2011 00:13, Jon Radel wrote:
>
>> So depending on the client route, packets from a given IP address can
>> land on either interface. Actually two clients nated behind the same
>> public address might end up on both interfaces at the same time.
>> Even though your solution should work 99% of the time, it can lead to
>> pretty strange behavior. I am not completely sure of how reply-to works,
>> notably with keep state (and of course OpenBSD manuals on PF are down
>> right now, at least from here). I remember attempting similar setups and
>> having quite a lot of trouble with ICMP (especially RST for that matter).
>>

I most emphatically did NOT write that. Somebody else isn't quoting properly.

--Jon Radel