Just to be certain, are you aware that for PF, the last matching rule is applied? Also, you can use the command:
# pfctl -vv -sr
to examine how your rules are being matched.


Cheers,
Han


Alexandre Biancalana wrote:
Hi List,


I'm doing a firewall setup using 6-STABLE + PF with two internet links but I can't do the route-to rule function as I need.


         (default gw)    ________
 Link A <-----------> | int A  |
                      |        |
 Link B <-----------> | int B  |
                      |________|
                       FreeBSD FW

A simple thing that I need to do is test the two Internet links to know if they are up or not. To do this I could ping or connect to TCP ports on some external IPs through each link. Using nc and hping I tried to do this by generating connections/packets from each network interface connected to each link, but the packets always go out by the interface indicated by the machine's default route.

I tried to add these rules in pf to force packets out by the right interface based on their source address, but this does not work, and the packets generated with the IP of int B are going out by int A.

pass out log on $int_a route-to ( $int_b $int_b_gw ) from $int_b to any
pass out log on $int_b route-to ( $int_a $int_a_gw ) from $int_a to any


Am I forgetting something? Any comments?


Regards,

Alexandre
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
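As an added illustration of the last-match point above (not part of either message in this thread), here is a pf.conf fragment in which the route-to rules are marked quick so that a later catch-all pass rule cannot override them; the interface names and gateway addresses are constructed placeholders, not taken from the thread.

```pf
# Added example, not from the thread. Interface names and gateways are
# constructed placeholders; substitute the real ones.
int_a    = "em0"
int_b    = "em1"
int_a_gw = "192.0.2.1"       # constructed gateway for Link A
int_b_gw = "198.51.100.1"    # constructed gateway for Link B

# pf applies the LAST matching rule. Without "quick", the generic
# "pass out" rule at the bottom would match too and win, and the
# route-to action would be lost. "quick" stops evaluation at the match.
pass out quick log on $int_a route-to ($int_b $int_b_gw) from $int_b to any
pass out quick log on $int_b route-to ($int_a $int_a_gw) from $int_a to any

# Generic rule that would otherwise override the route-to rules above.
pass out on { $int_a, $int_b } from any to any
```

After loading the ruleset, pfctl -vv -sr shows per-rule Evaluations and Packets counters, which confirm whether the route-to rules are the ones actually being hit.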
