On August 25, 2010 8:20 PM, Stuart Henderson wrote:
interface/nexthop. if that's correct, to have relayd check connectivity
beyond the gateways, you'll need static routes (e.g. host 8.8.8.8 via
connection A, 208.67.222.222 via connection B) and use those hosts as an
indicator.
traceroute.
route-to pf rule to make sure packets with a specific source address are
directed out of the relevant interface...though if you only have one address
to play with for each connection you might be unable to distinguish "check"
packets from normal packets.
I tried out Stuart's suggestion with a couple of vether interfaces and it
seems to have accomplished what I was looking for. Details:

$ cat /etc/hostname.vether0
inet 172.16.0.1 255.255.255.0 NONE

$ cat /etc/hostname.vether1
inet 172.16.1.1 255.255.255.0 NONE

$ cat /etc/pf.conf (additions only)
match out on $ext_if_1 from (vether0:network) nat-to ($ext_if_1)
match out on $ext_if_2 from (vether1:network) nat-to ($ext_if_2)
pass out on $ext_if_1 from (vether0) route-to ($ext_if_1 $ext_gate_1)
pass out on $ext_if_2 from (vether1) route-to ($ext_if_2 $ext_gate_2)

Tests:

$ traceroute -s 172.16.0.1 -n google.com
$ traceroute -s 172.16.1.1 -n google.com

Once the above was done I could apply my traceroute scheme of testing to a
script and/or integrate into ifstated.

Thanks Stuart.
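
The traceroute-based check described in this message could be scripted along the following lines. This is an added example, not part of the original post: the function names, the probe options (-m, -q, -w) and the documentation-range addresses standing in for the gateways are assumptions. It classifies a source-addressed trace as up, down, or leaving via the wrong link.

```shell
#!/bin/sh
# uplink_state GATEWAY: read `traceroute -n` output on stdin and print
#   up          hop 1 is not a foreign address and some later hop answered
#   down        nothing answered beyond hop 1
#   wrong-path  hop 1 answered from an address other than GATEWAY, i.e. the
#               probe did not leave via the link that route-to should select
uplink_state() {
    awk -v gw="$1" '
        $1 ~ /^[0-9]+$/ {
            addr = ""
            # Lost probes print "*" before the address; take the first IPv4 field.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { addr = $i; break }
            if ($1 == 1) first = addr
            else if (addr != "") beyond++
        }
        END {
            if (first != "" && first != gw) print "wrong-path"
            else if (beyond > 0) print "up"
            else print "down"
        }'
}

# check_uplink SRC GATEWAY [TARGET]: live probe from a vether address; exits 0
# only for "up", so it can be used as an external test in ifstated.conf.
check_uplink() {
    state=$(traceroute -n -s "$1" -m 5 -q 1 -w 2 "${3:-8.8.8.8}" 2>/dev/null |
        uplink_state "$2")
    [ "$state" = up ]
}

# Constructed sample traces (documentation addresses, not real captures).
TRACE_UP=' 1  192.0.2.1  0.612 ms  0.540 ms  0.533 ms
 2  * 203.0.113.9  8.120 ms  8.004 ms
 3  8.8.8.8  9.304 ms  9.281 ms  9.277 ms'
TRACE_DOWN=' 1  192.0.2.1  0.598 ms  0.551 ms  0.547 ms
 2  * * *
 3  * * *'
TRACE_WRONG=' 1  198.51.100.1  0.701 ms  0.655 ms  0.649 ms
 2  203.0.113.77  7.950 ms  7.912 ms  7.899 ms'

for t in "$TRACE_UP" "$TRACE_DOWN" "$TRACE_WRONG"; do
    printf '%s\n' "$t" | uplink_state 192.0.2.1
done
```

The wrong-path result matters when both links are healthy: it shows that a check sourced from one vether address is being answered through the other connection, so the check would not notice its own link failing.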