Re: [FUGSPBR] [OFFTOPIC] PF

Thu, 17 Jul 2003 10:21:52 -0700

rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 3128


tenta trocar o ip do 127.0.0.1 para o ip da placa de rede interna ( 10.0.0.1 )

Emanoel wrote:

Galera,

estou com um problema com o pf no openbsd. N�o consigo utilizar o route-to junto com o rdr (para o squid).

Se utilizo o rdr para o squid n�o funciona o acesso a web, os demais servi�os funcionam com balanceamento corretamente.

� poss�vel fazer balanceamento do carga utilizando o route-to e rdr? Ou existe alguma outra froma de fazer isso?

Algu�m pode me ajudar?

Meu pf.conf:


##############
internal_net = "192.168.2.0/24"
int_if = "rl2"
ext_if1 = "rl0"
ext_if2 = "rl1"
ext_gw1 = "200.247.xxx.29"
ext_gw2 = "192.168.1.254"

scrub in all

nat on $ext_if1 from $internal_net to any -> ($ext_if1)
nat on $ext_if2 from $internal_net to any -> ($ext_if2)

rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 3128 

pass in all
pass out all

pass quick on lo0 all
pass out on $int_if from any to $internal_net
pass in quick on $int_if from $internal_net to $int_if

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $internal_net to any flags S/SA modulate state

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $internal_net to any keep state

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

#################

J� procurei no google e at� agora nada :-(


[]'s

Emanoel
_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/






--
-=-=-=-=-=-=-=-=-=-

    William David Armstrong
System Administrator Bio Systems.

http://biohazard.kick-ass.org:8080/
[EMAIL PROTECTED]   [EMAIL PROTECTED]
ICQ 102537476     ICQ 27550645



_______________________________________________________________
Sair da Lista: http://www2.fugspbr.org/mailman/listinfo/fugspbr
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/

Responder a