> I must explain why two gateways:
> 
> - one will be the *default* gateway, to come out on Internet
> 
> - second one has an public IP address too. But it will not be used
> to come out, just to come in (mail server for example).
> In this case, problem is that when a request comes in on this network
> interface, answer goes out on the first interface, which is the default
> gateway. I'd like that answers use same interfaces as requests.

Dunno whether netbsd has anything special here, but I doubt it...

I don't think it is possible to do what you want.  The TCP stack (and most
of the IP stack) doesn't know which interface a packet came in on.  IP
won't know that an outbound packet has anything to do with the earlier one.
So there is no way the SYN-ACK can be sent out on the same interface as
the SYN came in on.  Especially since you imply there might be a different
outbound connection to the same remote IP address....

You can't send the packet out on the interface that has the source address
of the packet - you want to be able to reference a system that does IP
forwarding by and of its addresses on any interface.

I remember trying to test TCP/X.25 - this needs a lot of private subnets,
we had 2 ethernet, one FDDI and one token ring (4M and 16M with a bridge)
network plus the X.25 switch, since the LANs were normally either bridged
or routed together is was quite tricky getting the traffic to follow the
desired route :-)

You might wangle something by adding a host route when you see the inward
SYN packet....

    David