Re: route-to and reply-to - who is the winner?
On Sat, Feb 26, 2005 at 12:02:23AM +0100, Peter Grießl wrote:
> pass out quick on $If route-to ($If <gateway_1_IP>) keep state
> pass in quick on $If reply-to ($If <gateway_2_IP>) keep state
> Incoming packet arrives at $If - will the return packet be routed
> out to gateway_1 or to gateway_2 ?
> Tests showed gateway_2 is the winner - why?
Because when the first incoming packet matches the first rule, it
creates a state entry (due to the 'keep state' option).
Further packets related to the same connection (both incoming and
outgoing) will match that state entry. When a packet matches a state
entry, the ruleset is not evaluated at all. Hence, for further packets
of the connection, other rules in the ruleset are just not relevant.
The state entry for the incoming connection does contain instructions to
route (outgoing) replies through gateway_2, because the rule that
created the state entry contains this option.
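
The lookup order described in this reply, as an added example that is not part of the original message and is not pf source code: a simplified Python model in which the state table is consulted before the ruleset. The class and function names, the gateway addresses and the host addresses are constructed for illustration.

```python
from dataclasses import dataclass

GW1, GW2 = "192.0.2.1", "192.0.2.2"   # constructed stand-ins for gateway_1 / gateway_2

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    option: str      # "route-to" or "reply-to"
    gateway: str

# The two rules from the question, in ruleset order.
RULES = [Rule("out", "route-to", GW1), Rule("in", "reply-to", GW2)]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.states = {}   # connection key -> (creating rule, direction of first packet)

    def process(self, direction, src, dst):
        """Return (how the packet was matched, gateway used or None for normal routing)."""
        k = frozenset((src, dst))                 # same key for both directions
        if k in self.states:                      # state lookup comes first
            rule, first_dir = self.states[k]
            return "state", self._gateway(rule, direction, first_dir)
        for rule in self.rules:                   # ruleset only when no state matches
            if rule.direction == direction:       # 'quick': first matching rule wins
                self.states[k] = (rule, direction)            # 'keep state'
                return "rule", self._gateway(rule, direction, direction)
        return "no-match", None

    @staticmethod
    def _gateway(rule, direction, first_dir):
        # Model assumption: route-to steers packets in the creating packet's direction,
        # reply-to steers packets going the opposite way.
        if rule.option == "route-to" and direction == first_dir:
            return rule.gateway
        if rule.option == "reply-to" and direction != first_dir:
            return rule.gateway
        return None

def demo():
    fw = Firewall(RULES)
    client, server = "198.51.100.7:40000", "10.0.0.5:80"   # constructed endpoints
    return [
        fw.process("in", client, server),               # first packet: ruleset, creates state
        fw.process("out", server, client),              # reply: state hit, route-to rule never seen
        fw.process("out", server, "203.0.113.9:443"),   # new outbound connection: route-to rule
    ]
```

In the model, the reply to the inbound connection leaves via gateway_2 because it hits the state, while only a connection that starts outbound reaches the route-to rule.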