Tom Judge wrote:
Alexandre Biancalana wrote:
Tom Judge wrote:
Alexandre Biancalana wrote:
Tom Judge wrote:
Alexandre Biancalana wrote:
Hi List,
I'm doing a firewall setup using 6-STABLE + PF with two internet
links, but I can't get the route-to rule to work the way I need.
                           ______
Link A (default gw) <---->|int A |
                          |      |
Link B              <---->|int B |
                          |______|
                          FreeBSD FW
A simple thing that I need to do is test the two Internet links
to know if they are up or not. To do this I could ping or connect to
TCP ports on some external IPs through each link. Using nc and
hping I tried to do this, generating connections/packets from each
network interface connected to each link, but the packets always
go out by the interface indicated by the machine's default route.
I tried to add these rules in pf to force packets out by the right
interface based on their source address, but this does not work,
and the packets generated with the IP of int B are going out by int A.
pass out log on $int_a route-to ( $int_b $int_b_gw ) from $int_b to any
pass out log on $int_b route-to ( $int_a $int_a_gw ) from $int_a to any
My mistake, I only looked at the header of the ping man page.
These are the rules that I would use in that situation:
if_a=em0
ip_a=192.168.0.2
gw_a=192.168.0.1
net_a=192.168.0.0/24
if_b=em1
ip_b=192.168.1.2
gw_b=192.168.1.1
net_b=192.168.1.0/24
pass out log on $if_a route-to ( $if_b $gw_b ) from $ip_a to ! $net_b
pass out log on $if_b route-to ( $if_a $gw_a ) from $ip_b to ! $net_a
The difference is that my rules are for Internet traffic; I don't have
fixed destinations....
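Link check script in the spirit of what is asked for above, added here as an example and not posted by anyone in the thread. It assumes FreeBSD ping(8) with -S (bind source address) and -t (timeout), that the route-to rules above are loaded so a probe sourced from $ip_b really leaves via int B, and a placeholder probe target (PROBE_HOST) that you replace with a reliable external host.

```sh
#!/bin/sh
# Added example: probe each Internet link by sending ICMP echo from that
# link's own address. Without the pf route-to rules from the thread, both
# probes would leave via the default-route interface and tell you nothing.
# Source addresses are Tom's $ip_a / $ip_b; the probe target is a placeholder.

PROBE_HOST="${PROBE_HOST:-203.0.113.1}"   # placeholder probe target, replace
PING="${PING:-ping}"                      # FreeBSD ping(8): -S src, -t timeout

# link table: NAME:SOURCE_ADDRESS, one per line
LINKS="A:192.168.0.2
B:192.168.1.2"

# check_link NAME SRC -> prints "NAME up" / "NAME down"; exit 0 if up, 1 if down
check_link() {
    if $PING -S "$2" -c 3 -t 5 "$PROBE_HOST" >/dev/null 2>&1; then
        printf '%s up\n' "$1"
        return 0
    fi
    printf '%s down\n' "$1"
    return 1
}

# check_all -> probes every link in LINKS; exit 0 only if all links are up
check_all() {
    rc=0
    for entry in $LINKS; do
        name=${entry%%:*}
        src=${entry#*:}
        check_link "$name" "$src" || rc=1
    done
    return $rc
}
```

Run check_all from cron and act on the per-link lines (for example, pull the dead link's route-to rule from pf.conf). Setting PING to another command is only there so the functions can be exercised without network access.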
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net