Unless I have made a significant mistake in interpreting the diagnostic steps, if an OpenBSD host/server has multiple interfaces that are connected to the same subnet, it is not guaranteed that inbound traffic to one of those interfaces is replied to from the same interface on which the packets of the flow were received. This was surprising and non-obvious behavior to me. Is there some documentation I may have missed which discusses this point?
More importantly, is there a way to achieve the behavior I was expecting to see, which is if traffic is received on one interface of multiple connected to a subnet, that replies to that traffic come from the same interface? I was able to use priorities in hostname.if , but this establishes which is the statically preferred interface rather than ensuring reply traffic goes out the interface it arrived on.
I tried reply-to in pf.conf , and it neither accomplished this nor do I think it is the use case that was intended.
If it matters, the following is my use-case. I am trying to solve the issue of bidirectional queueing with multiple internal subnets, as per #1 in:
The only workable approach I could find was to tie all the internal interfaces and a vether if together into a bridge, and treat the vether as the $int_if. Since IP addresses are to be assigned to the internal hosts via DHCP, and since dhcpd doesn't filter by tags inserted by bridge rules, the only way to have dhcpd assign the intended addresses by subnet was to have a distinct interface for each subnet. Now if I deliberately want to send traffic to the distinct interfaces for DHCP, it gets passed in just fine, but the reply traffic seems to come from the $int_if vether that is connected to the bridge with all the aliases to support being a gateway from all subnets.