[ferg]

My issues started when I upgraded from OS X 10.2 Server to 10.3 Server.
10.3 server has NAT (Network Address Translation) built in to the system.
Since I have two cable modems I thought this would be a good installation.
Carracho could run on one cable modem, and my heavy web viewing and other
internet activity could go on the other cable modem. Knowing that Apple is
known for making a easy GUI interface for everything that they do, I
naturally assumed that Apple had done so for configuring NAT.
Unfortunately they did no such thing, in-fact you do need to do some
terminal commands in order to get it to "work right". So since that didn't
work out to well I re-installed and went back to 10.2 Server but was
unable to get NAT working the way I had done in the past. So I upgraded to
10.3 Client, now I have NAT working on 10.3 Client, but I can only have 1
cable modem turned on and plugged in to the server in order to get NAT
working at all. I have since installed 10.3 client on my laptop and will
soon be upgrading it to 10.3 Server as soon as I get more evidence that
NAT can be done with out re-compiling the kernel. If you have any ideas or
notes on this subject please let me know. Thanks

[kampl]

So it sounds like you want to allow certain traffic over one WAN interface while letting all other traffic over the remaining. Have you done this in the past? Traffic shaping can be tricky business. I'm curious how you are going about it. Do you have any test configs that you can anonymize and post?

[kampl]

I'm thinking you might be able to get creative with IPFW .

That whole "pass out via interface" syntax is kinda throwing me into that direction. I haven't tried it as I have no lab to use for this, but it seems possible to match on a port and pass traffic out a specific interface and have an established command to pass back in on the same interface. Does this help?