Netgate Discussion Forum

    Dup-to custom rule

      eafunk

      I am trying to send UDP packets to a destination address simultaneously via two different ISPs for improved reliability. The underlying protocol is one directional and can support duplicate packet arrival at the destination.

      The two ISPs are connected to pfSense via the vr1 and vr2 interfaces, vr1 being the WAN port (default route). vr0 is my LAN interface, through which the packets enter the pfSense system, correctly addressed to the destination I desire. I am running pfSense version 1.2.3, which does not support the dup-to routing option via the GUI, so I edited the rules at /tmp/debug.rules, adding the following line:

      pass in quick on vr0 dup-to vr2 inet proto udp from 192.168.15.0/24 to 204.45.xx.xx/29 port = 5075

      192.168.15 is my LAN subnet
      204.45.xx.xx/29 is the subnet belonging to the destination machine out on the internet.

      After reloading the rules using "pfctl -f /tmp/rules.debug" and flushing the state table, packets get sent via vr2, but nothing is sent out vr1.  If I remove the rule, then packets are sent out vr1 only, as expected.

      Taking a peek at the rule list via "pfctl -s rules", I find the line of interest is now shown as:

      pass in quick on vr0 dup-to vr2 inet proto udp from 192.168.15.0/24 to 204.45.xx.xx/29 port = 5075 keep state

      Why might this not be working, and why was keep state added after I reloaded the rules?

      Thanks,
      Ethan…

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.