On 02-10-2014 10:11, Jeff wrote:
> I still can't seem to force a ping through a particular interface, even when I
> have both interfaces as default routes (I've tried both with and without mpath).
> If it matters, in both cases I used a lower priority (higher #) for our low speed
> metered connection.
This is ok. The only thing is that a connection going out from the
firewall machine itself will never get routed to the fxp1 interface,
unless you force it through pf.
>
> Here's my current routing information:
>
> default            10.150.228.105     UGS        5   168287     -     8 fxp0
> default            192.168.243.1      UGS        0        0     -    16 fxp1
>
> and "ping -I 192.168.243.152 8.8.4.4" still sends traffic out through fxp0.
If I'm not mistaken, this should work. I'm guessing that your pf rules
are to blame.
>
> I have verified that if I swap the priorities that all traffic goes out through
> fxp1 so I know that that connection works.
Good.
>
> It feels like I'm missing something obvious here.  Can someone point me in the right
> direction?
Try disabling pf and see if it works. If it does, then you'll need to
change your rules to enforce the traffic to go to their respective
gateways. Some rule like this should do:

pass out on fxp0 from (fxp1) to any route-to fxp1
pass out on fxp1 from (fxp0) to any route-to fxp0

If that does not work, try including your gateways in the rule so it becomes:

pass out on fxp0 from (fxp1) to any route-to (fxp1 fxp1_gateway)
pass out on fxp1 from (fxp0) to any route-to (fxp0 fxp0_gateway)

Cheers,
