Re: load balancing outgoing traffic: 1st TCP connection RESET

My guess is that this has something to do with TCP port allocation. At 
least, this seems to be the case when I try to use a similar rule for 
load-balancing ICMP traffic, like:

    pass out quick log-all on $ext_if1 route-to \
       { ($ext_if1 <gws_if1>) , ($ext_if2 <gws_if2>) } \
       inet proto icmp keep state

ICMP traffic originated from the firewall itself is load-balanced without 
a problem. However, ICMP traffic originated at my internal network does 
not go through if PF chooses to re-route it through the second external 
interface. And I see error messages of the type:

    Apr 15 11:43:07 blt-ha /bsd: pf: NAT proxy port allocation (50001-65535)

Thanks in advance for any help.