Date:      Mon, 12 Mar 2007 16:43:13 +0000
From:      Tom Judge <tom@tomjudge.com>
To:        Alexandre Biancalana <ale@seudns.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: PF route-to behavior
Message-ID:  <45F58321.5050309@tomjudge.com>
In-Reply-To: <45F564B5.10307@seudns.net>
References:  <45F564B5.10307@seudns.net>

Alexandre Biancalana wrote:
> Hi List,
> 
> 
> I'm doing a firewall setup using 6-STABLE + PF with two internet links 
> but I can't make the route-to rule function as I need.
> 
> 
>          (default gw)    _______
>  Link A <-----------> |int A  |
>                       |       |
>  Link B <-----------> |int B  |
>                       |_______|
>                       FreeBSD FW
> 
> A simple thing that I need to do is test the two Internet links to know 
> if they are up or not. To do this I could ping or connect to tcp ports on 
> some external ips through each link. Using nc and hping I tried to 
> generate connections/packets from each network interface connected to 
> each link, but the packets always go out by the interface indicated by 
> the machine's default route.
> 
> I tried to add these rules in pf to force packets out by the right 
> interface based on their source address, but this does not work, and the 
> packets generated with the ip of int B are going out by int A.
> 
> pass out log on $int_a route-to ( $int_b $int_b_gw ) from $int_b to any
> pass out log on $int_b route-to ( $int_a $int_a_gw ) from $int_a to any
> 
> 
> Am I forgetting something? Any comments?
> 

Have you tried setting the source IP address to int B when using ping or 
your tcp sessions? This should force PF to do your source routing for you.

Hope this helps

Tom
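As an added illustration of the reply's suggestion (this script is not from the thread, nor part of FreeBSD or PF), the probes below bind to the address of the interface whose uplink they test, so that `pass out ... route-to ... from $int_x` rules like the ones quoted above match on the source address and steer the probe out the intended uplink rather than the default route. Addresses, the probe host and port, and the script name `linkcheck.sh` are constructed placeholders; the `ping -S` / `nc -s` flags are those of FreeBSD's ping(8) and nc(1).

```shell
#!/bin/sh
# Added example (not from the thread): per-uplink reachability checks for
# the two-link PF firewall discussed above. Each probe is bound to the
# address of the interface whose link it tests, so PF's route-to rules,
# which match on the source address, send the probe out the right uplink.
#
# All addresses and hosts below are constructed placeholders.

INT_A_IP="${INT_A_IP:-192.0.2.10}"       # address on int A (constructed)
INT_B_IP="${INT_B_IP:-198.51.100.10}"    # address on int B (constructed)
PROBE_HOST="${PROBE_HOST:-203.0.113.1}"  # external host to probe (constructed)
PROBE_PORT="${PROBE_PORT:-53}"           # TCP port on the probe host (constructed)

# Probe commands are overridable so the logic can be exercised offline.
PING="${PING:-ping}"
NC="${NC:-nc}"

# check_icmp SRC_IP TARGET: ping TARGET with source address SRC_IP.
# FreeBSD ping(8) flags: -S source address, -c count, -W per-reply wait (ms).
# Prints "up" or "down" and returns 0 or 1 accordingly.
check_icmp() {
    src="$1"; target="$2"
    if "$PING" -S "$src" -c 3 -W 1000 "$target" >/dev/null 2>&1; then
        echo up; return 0
    fi
    echo down; return 1
}

# check_tcp SRC_IP TARGET PORT: TCP connect probe bound to SRC_IP.
# nc(1) flags: -s source address, -z connect without sending data, -w timeout (s).
check_tcp() {
    src="$1"; target="$2"; port="$3"
    if "$NC" -s "$src" -z -w 5 "$target" "$port" >/dev/null 2>&1; then
        echo up; return 0
    fi
    echo down; return 1
}

# link_status LABEL SRC_IP: run both probes from SRC_IP; the link counts as
# up if either probe succeeds. Prints "LABEL up" or "LABEL down".
link_status() {
    label="$1"; src="$2"
    icmp=$(check_icmp "$src" "$PROBE_HOST") || true
    tcp=$(check_tcp "$src" "$PROBE_HOST" "$PROBE_PORT") || true
    if [ "$icmp" = up ] || [ "$tcp" = up ]; then
        echo "$label up"; return 0
    fi
    echo "$label down"; return 1
}

# When run directly as linkcheck.sh (not sourced), report both links.
if [ "${0##*/}" = "linkcheck.sh" ]; then
    link_status "Link A" "$INT_A_IP"
    link_status "Link B" "$INT_B_IP"
fi
```

With the quoted rules loaded, a probe sourced from int B's address that the routing table would send out int A is matched by the `pass out on $int_a route-to ( $int_b $int_b_gw ) from $int_b` rule and rerouted; `pfctl -ss` or the `log` keyword on those rules shows which interface each probe actually left on, which is the quickest way to confirm the rules are being hit.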
