port-i386: Re: ipnat RDR doesn't work with multipath routing in KAME+NetBSD

Subject: Re: ipnat RDR doesn't work with multipath routing in KAME+NetBSD
To: Alicia da Conceicao <alicia@cyberstation.ca>
From: Darren Reed <darrenr@reed.wattle.id.au>
List: port-i386
Date: 10/29/2001 10:46:55

In some email I received from Alicia da Conceicao, sie wrote:
[...]
> This RDR redirection works for arbitrary incoming tcp connections
> to 231.231.231.231 port 1234, but does not work for 123.123.123.123
> port 1234.  Note that if this KAME+NetBSD server is running a web
> server on tcp port 80, then incoming web connections work to both
> 123.123.123.123 & 231.231.231.231.  In fact RDR only works for the
> default external interface that is listed first in netstat, which
> in this case is ext1, but can also be set to ext0.
> 
> Any ideas as to why RDR does not work for both external interfaces?
> Note that my ipf.conf is blank with no keep state and no fast
> routing.

IPFilter needs to see the packets going in and out over the same interface.