On 26. aug. 2010, at 00.18, Don Tek wrote:

quoted text
> I've recently implemented a firewall with two internet connections using
multipath routing and round-robin outbound load balancing.
quoted text
>
> I am looking for a solution from the shell to detect failure of these two
internet gateways so I can force routing and pf changes from a script.
quoted text
>
> I need something more robust than simply checking to see if the interface is
up or down.
quoted text
>
> I have managed a solution using traceroute that allows me to accomplish half
of my goal.  I can detect a failure and "down" that route, however, once I
delete the default route from the routing table for the failed connection, I
can no longer test it with traceroute.  This is because it doesn't appear to
me that OpenBSD's traceroute allows forcing an interface to work on.
quoted text
>
> I am looking for better solutions from some of you more experienced users.
Any suggestions are welcome.
quoted text
>
> don..
>


Taking a look at the bigger picture, the 'correct' way to do this is to have
redundancy at the firewall level as well at ISP link level. This gives higher
availability, and makes your problem much easier. If you have a single ISP
link per firewall then link testing is simple. Redundancy/LB is then managed
by CARP between the two firewalls' _inside_ interfaces.

/Pete