On 8/4/06, Hasan USTUNDAG <[EMAIL PROTECTED]> wrote:
http://www.bsdforums.org/forums/showthread.php?t=33480 script works fine for me. You can also use ping to check host availability or perl module Net::Telnet to check port availability for other protocols.
That pf.conf looks ok, but his script isn't so great. I tried this and it works in a lab scenario, with the slight advantage that everything necessary is available within OpenBSD's default distribution.

The <available> table is populated by live nc'd entries from the <pool> table using the script below, cron'd at your desired test interval. One caveat is that your first load of pf.conf will have an empty <www_available> table until the script executes. I suppose you could mirror <www_pool> to <www_available> in pf.conf to avoid that.

pf.conf:
---------
table <www_pool> persist { 10.0.0.10 10.0.0.11 10.0.0.12 10.0.0.13 10.0.0.14 }
table <www_available> persist

rdr on $ext_if proto tcp from any to 172.16.10.100 port 80 -> { <www_available> } round-robin

pass in on $ext_if inet proto tcp from any to <www_pool> port 80 flags S/SA synproxy state
---------

test_avail.sh:
---------
#!/bin/ksh
# Probe every member of <www_pool> on tcp/80 and mirror the result
# into <www_available>: add hosts that answer, delete hosts that do not.
for host in $(/sbin/pfctl -t www_pool -Ts)
do
	# Send stdout to /dev/null first, then point stderr at it,
	# so cron gets no output from nc.
	/usr/bin/nc -z -w 1 "$host" 80 >/dev/null 2>&1 && action=add || action=delete
	/sbin/pfctl -t www_available -T $action "$host"
done
---------
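
An added example, not part of the original post: a variant of the health check that rebuilds <www_available> with a single `pfctl -T replace` call and leaves the table unchanged when no backend answers, so one bad probe run cannot empty the redirect pool. The `PFCTL` and `PROBE` override variables, the `run` argument and the keep-last-state behaviour are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the poster's script. Table names follow the pf.conf above.
# PFCTL and PROBE are hypothetical override hooks so the logic can be
# exercised on a machine without pf.
PFCTL=${PFCTL:-/sbin/pfctl}
POOL_TABLE=${POOL_TABLE:-www_pool}
LIVE_TABLE=${LIVE_TABLE:-www_available}
PORT=${PORT:-80}

# Default probe: TCP connect with a 1 second timeout, all output discarded.
probe() {
    /usr/bin/nc -z -w 1 "$1" "$PORT" >/dev/null 2>&1
}

# Print the pool members that answer the probe, one per line.
live_hosts() {
    for host in $("$PFCTL" -t "$POOL_TABLE" -T show); do
        if ${PROBE:-probe} "$host"; then
            echo "$host"
        fi
    done
}

# Swap the live set into the table in one pfctl call. If nothing answers,
# keep the previous table contents and return non-zero so cron reports it.
sync_table() {
    live=$(live_hosts)
    if [ -z "$live" ]; then
        echo "no backend answered on port $PORT; $LIVE_TABLE left unchanged" >&2
        return 1
    fi
    # $live is left unquoted on purpose: one argument per address.
    "$PFCTL" -t "$LIVE_TABLE" -T replace $live
}

# From cron: test_avail.sh run
case "${1:-}" in run) sync_table ;; esac
```

Because the table is only ever replaced with a non-empty set, the rdr rule always has at least the last known-good backends to hand out.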