I have written a target for this: www.glsys.eu/iface
Thanks for your reply. I'm not sure this would help me in my situation for 2
reasons:
Firstly, doesn't it just report on the state of the interface? I need to know
if any intermediary router/line is down after the interface; this is why I
was using ping to check known remote sites.
Secondly, my rules are fairly complex and trying to design in dynamic checks
in the ruleset is probably too complicated. For example, I have 4 lines at
the minute which are load balanced; I would need to repeat the rules 15
times to cover all combinations of lines up/down. It seems simpler to
generate a new ruleset based on the active lines when a change is detected.
Any other ideas gratefully received.
Swifty
John Lister wrote:
Hi, I have a multihomed machine on which I'd like to check the status of
each line periodically. I want to do this so that I can modify the
iptables rules and send new connections out over the active lines and
restore service when the line comes back up.
I thought I could use ping with the -I option, but that doesn't seem to
work; it always uses the default route. However, if I get rid of the
default route and modify the rules to match the packets, I get a "network
unreachable" message without it ever hitting iptables. For example, adding
something like this never gets matched for the ping.
iptables -t mangle -I OUTPUT -j LOG --log-prefix "output: "
Normally ping results in ICMP messages being traversed, but not this
time.
Could someone explain what is going on and I'd be grateful if there were
any suggestions on other ways to detect if a line is down - simply
looking in /proc/net/dev or similar wouldn't help as the local connection
is likely to be up, but the physical line to the ISP may be down.
Thanks
John
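
The approach described in the reply at the top of this thread (regenerate the ruleset from the set of active lines when a change is detected, rather than writing rules for all 15 up/down combinations), as an added example that is not part of the original thread. The line names, fwmark values, state-file path and the choice of the statistic/CONNMARK matches are assumptions, as is policy routing that sends each mark out of its line; probe results are passed in as constructed strings so the generator runs without root.

```shell
#!/usr/bin/env bash
# Added example: build the load-balancing rules from whichever lines are up.
# Each argument is a constructed probe result "name:mark:up" or "name:mark:down".

# Print the fwmarks of the lines reported as up, space separated.
active_marks() {
    local entry out=""
    for entry in "$@"; do
        case "$entry" in
            *:up) entry=${entry%:up}; out="$out ${entry#*:}" ;;
        esac
    done
    echo $out   # unquoted on purpose: trims the leading space
}

# Emit an iptables-restore fragment spreading NEW connections evenly over the
# given marks. Each rule only sees connections the earlier rules left
# unmarked, so "every N", "every N-1", ... gives each line an equal share.
gen_ruleset() {
    local remaining=$# mark match
    echo "*mangle"
    echo "-A PREROUTING -j CONNMARK --restore-mark"
    for mark in "$@"; do
        match=""
        if [ "$remaining" -gt 1 ]; then
            match=" -m statistic --mode nth --every $remaining --packet 0"
        fi
        echo "-A PREROUTING -m conntrack --ctstate NEW -m mark --mark 0$match -j MARK --set-mark $mark"
        remaining=$((remaining - 1))
    done
    echo "-A PREROUTING -j CONNMARK --save-mark"
    echo "COMMIT"
}

# Succeed (and record the new state) only when the active set has changed.
state_changed() {
    local file=$1 new=$2
    [ -f "$file" ] && [ "$(cat "$file")" = "$new" ] && return 1
    printf '%s\n' "$new" > "$file"
}

# Typical use from a periodic job (constructed values; needs root to apply):
#   marks=$(active_marks isp1:1:up dsl2:2:down isp3:3:up isp4:4:up)
#   state_changed /var/run/lines.state "$marks" && gen_ruleset $marks | iptables-restore
```

One generator covers every combination of the 4 lines; the state file keeps the ruleset from being reloaded on every probe cycle when nothing has changed.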