On 2010-02-09, Bret S. Lambert <bret.lamb...@gmail.com> wrote:
> On Tue, Feb 09, 2010 at 08:19:14AM +0100, Joakim Aronius wrote:
>> * Jean-François SIMON (jfsimon1...@gmail.com) wrote:
>> > 2010/2/7 Bret S. Lambert <bret.lamb...@gmail.com>
>> > >
>> > > No, you'd have to do a separate rdr line for each backend host.
>> > >
>> >
>> > Would a rule like this one work (2 lines).
>> > rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.32
>> > rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> 10.0.1.33
>>
>> You can't redirect one port to multiple machines, your options are:
>> 1) redirect different ports to different machines, i.e.:
>> rdr pass on $ext_if proto tcp from any to any port 1024:5000 -> 10.0.1.32
>> rdr pass on $ext_if proto tcp from any to any port 5001:65535 -> 10.0.1.33
>>
>> 2) get more external IP addresses.
>
> Or use tables:
>
> table <foo> = { $list_of_ips }
> rdr pass on $ext_if proto tcp from any to any port 1024:65535 -> <foo>
>
> or run relayd

<st...@zoo:~:1>$ cat << EOF | pfctl -nvf -
> match in on egress proto tcp to port 5555 rdr-to {1.1.1.1, 2.2.2.2}
> EOF
table <__automatic_0> const { 1.1.1.1 2.2.2.2 }
match in on egress inet proto tcp from any to any port = 5555 rdr-to <__automatic_0> round-robin

<st...@postgate:~:1>$ cat << EOF | pfctl -nvf -
> rdr on bge0 proto tcp to port 5555 -> {1.1.1.1, 2.2.2.2}
> EOF
rdr on bge0 inet proto tcp from any to any port = 5555 -> { 1.1.1.1, 2.2.2.2 } round-robin

> The OP would do well to read the PF guide on openbsd.org.

I generally find pf.conf(5) more helpful (especially the GRAMMAR
section). It's long enough that better formatting can make it a lot
more readable; if you have source installed, you can produce a
nicely-formatted postscript file:

nroff -Tps -mandoc /usr/src/share/man/man5/pf.conf.5 > /tmp/pf.conf.ps

or if you'd like a pdf and have ghostscript installed:

nroff -Tps -mandoc /usr/src/share/man/man5/pf.conf.5 | ps2pdf - /tmp/pf.conf.pdf