[email protected] (Giancarlo Razzolini), 2014.10.02 (Thu) 15:39 (CEST):
> On 02-10-2014 10:11, Jeff wrote:
> > I still can't seem to force a ping through a particular interface, even when I
> > have both interfaces as default routes (I've tried both with and without mpath).
> > If it matters, in both cases I used a lower priority (higher #) for our low speed
> > metered connection.
> This is ok. The only thing is that a connection going out from the
> firewall machine itself will never get routed to the fxp1 interface,
> unless you force it through pf.
> >
> > Here's my current routing information:
> >
> > default 10.150.228.105 UGS 5 168287 - 8 fxp0
> > default 192.168.243.1 UGS 0 0 - 16 fxp1
> >
> > and "ping -I 192.168.243.152 8.8.4.4" still sends traffic out through fxp0.
> If I'm not mistaken, this should work. I'm guessing that your pf rules
> are to blame.
> >
> > I have verified that if I swap the priorities that all traffic goes out through
> > fxp1 so I know that that connection works.
> Good.
> >
> > It feels like I'm missing something obvious here. Can someone point me in the right
> > direction?
> Try disabling pf and see if it works. If it does, then you'll need to
> change your rules to enforce the traffic to go to their respective
> gateways. Some rule like this should do:
>
> pass out on fxp0 from (fxp1) to any route-to fxp1
> pass out on fxp1 from (fxp0) to any route-to fxp0
>
> If that does not work, try including your gateways in the rule so it becomes:
>
> pass out on fxp0 from (fxp1) to any route-to (fxp1 fxp1_gateway)
> pass out on fxp1 from (fxp0) to any route-to (fxp0 fxp0_gateway)

quoting henning@:
(route-to and reply-to are stupid to begin with. Avoid at all cost.)
http://marc.info/?l=openbsd-misc&m=141053827907224

Bye, Marcus

