On Thu, Aug 10, 2006 at 11:51:31AM -0700, ben wrote:
> I'm attempting to configure pf in a way similar to what is described here:
> http://openbsd.org/faq/pf/rdr.html#rdrnat
>
> The main difference is I want to do this with a single interface and I
> want to use it as a load balancing solution. Using rdr to redirect
> across a pool of web servers and using nat to translate the source
> addresses so the addresses appear correct in the httpd logs rather
> than having the source address of the interface that redirected the
> traffic. All the IP addresses are on routable networks and the "load
> balancing" pf box lives inside the network on a routable IP itself,
> it's also going to be a machine dedicated only to this task.
>
> A person I work with came up with the idea a few months ago but so far
> I haven't been able to get his rules (or something like them) to work.
>
> Here are the rules I am using:
>
> if = "fxp0"
> loadbalancer = "24.1.1.50" # this is the ip of the "load balancer" itself, or the "cluster ip"
> table <servers> { 24.1.1.2, 24.1.1.3 } persist
>
> nat on $if proto tcp from any to <servers> port 80 -> $loadbalancer
> rdr on $if proto tcp from any to $loadbalancer port 80 -> <servers> round-robin
>
> Like I said, this configuration currently is not working but I think
> it demonstrates more or less what I'm trying to do.
>
> I'm looking for better ways this can be done or help getting this
> configuration to work.

As noted, pf won't do this without some additional networking. There are many user-level proxies, though - pound was posted to ports@ recently, net/pen does something similar, stock Apache will work as a proxy server, and Squid is the standard solution.

Joachim