Author Topic: FreeBSD: Asymmetric routing does not work  (Read 5466 times)

ATC

  • Guest
FreeBSD: Asymmetric routing does not work
« on: 24. February 2010, 15:32 pm »
    While moving an enterprise network from one ISP to another, we needed to temporarily route all outgoing traffic for both address spaces over the same ISP link.

    Firewall
      Router
        ISP1
        ISP2

    Outbound traffic for both ISPs was routed towards ISP2. Incoming traffic bound for ISP1 addresses entered the Router but did not get forwarded to Firewall as expected.



    ATC

    • Guest
    [Solved] FreeBSD: Asymmetric routing does not work
    « Reply #1 on: 24. February 2010, 15:32 pm »
    The interfaces were defined as follows:

    interface fxp0 allow in verrevpath

    The "verrevpath" keyword effectively makes asymmetric routing impossible because it checks if traffic enters through the same interface it would be routed through.

    Simply removing the "verrevpath" keyword solved the problem.

    Note that reverse path verification is commonly used to prevent some forms of IP spoofing, so do not remove it unless you really need asymmetric routing.
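
Added example, not part of the original post and not FreeBSD's code: a small model of the strict reverse-path check that "verrevpath" performs, run against a routing table like the one in this thread. The interface roles (fxp0 = ISP1, fxp1 = ISP2, fxp2 = Firewall) and all addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed routing table for the Router during the migration (assumed
# layout: fxp0 faces ISP1, fxp1 faces ISP2, fxp2 faces the Firewall).
ROUTES = [
    ("0.0.0.0/0", "fxp1"),        # default route: all outbound via ISP2
    ("192.0.2.0/24", "fxp2"),     # ISP1 address space, behind the Firewall
    ("203.0.113.0/24", "fxp2"),   # ISP2 address space, behind the Firewall
]

def route_interface(addr, routes=ROUTES):
    """Longest-prefix-match lookup: interface used to reach addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def verrevpath(src, recv_if, routes=ROUTES):
    """Strict reverse-path check: the rule matches only when the route back
    to the source leaves through the interface the packet arrived on.
    Packets with no incoming interface (locally generated) always match."""
    if recv_if is None:
        return True
    return route_interface(src, routes) == recv_if

def explain(src, recv_if):
    """One-line description of the check result for a packet."""
    back = route_interface(src)
    verdict = "match" if verrevpath(src, recv_if) else "no match"
    return f"src {src} in via {recv_if}: return path {back} -> {verdict}"

if __name__ == "__main__":
    inet_host = "198.51.100.7"              # constructed Internet source
    print(explain(inet_host, "fxp0"))       # arrives via ISP1 link
    print(explain(inet_host, "fxp1"))       # arrives via ISP2 link
    print(explain("192.0.2.10", "fxp2"))    # inside host on inside interface
    print(explain(inet_host, "fxp2"))       # spoofed source seen on inside
```

In this model the "allow in verrevpath" rule stops matching only on the ISP1-facing interface, where the return path has moved to ISP2; on the inside interface routing is still symmetric, so the check there continues to reject spoofed sources.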