Re: pf multiple networks, two gateways, route-to question

From: Adam Taube (nospam_at_thenewsgroups.com)
Date: 09/27/04 

Date: Sun, 26 Sep 2004 21:25:27 -0600

"sam" <samwun@hgcbroadband.com> wrote in message
news:cj7u06$12s8$1@news.hgc.com.hk...
> Gernot W. Schmied wrote:
> > Have a look at the Internet Router Discovery Protocol that comes with
> > gated, quagga or routed. A very nice way to announce default gateways.
> > Might help in that situation.
> How would gated work with PF?
>
> Sam

Yeah, I'm wondering. From the looks of it I would have to have a
routed/gated/zebra (pick one) box between my OpenBSD pf box and the two
internet connections... which wouldn't be a problem, but I was hoping I
could do this all on the box I have already set up.

Is it possible to route replies from machines in the dmz to go back out
through the network the original request came on? If so, how?
That is the question which seems to be eluding us...

I suppose another possibility is to have two OpenBSD firewalls running pf,
one for each ISP, that would both be connected to their own dmz's, the
servers in there having two network interfaces and their services listening
on both... but that's starting to sound like overkill to me. It makes sense
that there ought to be a slimmer, more elegant solution... especially with
our beloved pf ;-)

Adam