Subject: pf: how to use the right interface?
To: None <tech-net@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-net
Date: 04/04/2006 16:08:08
pf appears to have some trouble using the correct interface under some
circumstances.  (This is on i386 3.0.)

In particular, given

ex0: 10.100.0.5/30
rtk0: 10.100.1.5/30
fxp0: 10.101.0.1/24

with the default route pointing to 10.100.0.6, and pf rules

set state-policy if-bound
rdr on ex0 inet proto tcp from any to 10.100.0.5 -> 10.101.0.3
rdr on rtk0 inet proto tcp from any to 10.100.1.5 -> 10.101.0.4
pass out quick on ex0 route-to ( ex0 10.100.0.6 ) from 10.100.0.5 to any
pass out quick on ex0 route-to ( rtk0 10.100.1.6 ) from 10.100.1.5 to any
pass quick all

Then if a connection arrives to 10.100.0.5, all is well: 10.101.0.3
gets it, properly NATted, and response traffic is all good.

But if a connection arrives on 10.100.1.5, things are less good.
10.101.0.4 hears about it, and it looks right from its point of view,
but the response traffic goes out ex0, presumably because that's where
the default route points, despite coming from 10.100.1.5, despite the
state table entry and state-policy, despite even the pass line trying
to send it out rtk0!

What am I doing wrong?  What do I need to do to get this traffic to go
out the correct interface?  (I have similar issues with locally
originated traffic, actually, despite the "pass" rules, but it's the
NATted-connection response traffic that's most important.)  I could
port my srt interface to 3.0, probably, but it seems to me that either
the NAT state entries or the pass rules should make that unnecessary.

The above is a relatively brief sketch, but I think/hope I've included
everything relevant - I can give full details if desired.

/~\ The ASCII				der Mouse
\ / Ribbon Campaign
 X  Against HTML	       mouse@rodents.montreal.qc.ca
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
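Added example, not part of der Mouse's post: the same three-interface layout rewritten so the state created for each redirected connection carries a reply-to gateway, which is the mechanism pf.conf documents for sending replies back out the interface they arrived on rather than via the default route. The macro names, the use of `keep state`, and the assumption that this addresses the behaviour reported above (rather than a problem in the 3.0 port) are mine; the addresses and the rtk0 gateway 10.100.1.6 are taken from the post.

```conf
# Constructed example: pf.conf with reply-to on the inbound pass rules.
# Interfaces and addresses follow the post; macro names are assumed.
ext1    = "ex0"
ext1_gw = "10.100.0.6"
ext2    = "rtk0"
ext2_gw = "10.100.1.6"
int_if  = "fxp0"

set state-policy if-bound

# rdr runs before filtering, so the pass rules below see the translated
# (internal) destination address.
rdr on $ext1 inet proto tcp from any to 10.100.0.5 -> 10.101.0.3
rdr on $ext2 inet proto tcp from any to 10.100.1.5 -> 10.101.0.4

# reply-to binds the return gateway to the state entry: replies from
# 10.101.0.4 leave on rtk0 toward 10.100.1.6 regardless of the routing
# table, instead of being pulled out ex0 by the default route.
pass in quick on $ext1 reply-to ($ext1 $ext1_gw) inet proto tcp \
    from any to 10.101.0.3 keep state
pass in quick on $ext2 reply-to ($ext2 $ext2_gw) inet proto tcp \
    from any to 10.101.0.4 keep state

# Locally originated traffic sourced from the second address still needs
# route-to on the outbound rule, as in the post.
pass out quick on $ext1 route-to ($ext2 $ext2_gw) from 10.100.1.5 to any

pass quick all
```

After loading, `pfctl -ss` shows the resulting state entries, and a reply-to state lists its gateway alongside the interface the state is bound to, which is a quick way to confirm the rule actually matched the redirected connection.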