Hi,

On 5/27/06, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> This is a FAQ.  Load balancing does not work with Squid, HAVP or any
> other userland running application including PFTPX.
>
> No, there is no work-around until true multi-path support is added to FreeBSD.

I'm currently working on a solution for this problem on OpenBSD, but I don't see
why the same should not work on Free.  This setup provides a way for the
userland to select/use a non-default gateway.  Load balancing/fail over are
yet to be designed.

This is still work in progress, and I'm happy to share my ideas/work with
anyone interested.  I'm also keen on getting this to work on pfSense!!


ATM, I can get pftpx control connections through, but data connections are
still a problem.  If you are only establishing single TCP connections
(unlike ftp control/data), then things should work for you.

Here is the principle:
ext_if1 = WAN interface with default gateway
ext_gw1 = default gateway
ext_if2 = WAN2 interface
ext_gw2 = gateway on ext_if2

Set up a local IP address (ifconfig lo0 alias 127.0.0.2) which your userland
daemons will bind to before calling connect().  Then NAT any packet from
127.0.0.2 on the default WAN interface (ext_if1), but use the IP address of WAN2
(ext_if2).  Finally use an rdr rule to force any packet with a src IP of
ext_if2 to ext_gw2.  The pf.conf section below should make things clearer.


nat on $ext_if1 from 127.0.0.2 to any -> $ext_if2
...
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) \
   from $ext_if2 to any keep state

Note: it would be elegant if the NAT rule uses a pf table with IP addresses
of currently active interfaces.

All packets with source IP 127.0.0.2 will be routed to ext_gw2.  The pseudo
code for userland clients is:

   fd = socket()
   bind(fd, "127.0.0.2")
   connect(fd, "www.google.com:80")


On OpenBSD, I have problems getting daemons to bind to 127.0.0.2 before
calling connect(), and I have to hack the source.  But I suppose FreeBSD's
jail() will come in very handy here.

My primary interest is in getting pftpx working on multi WAN setups.
I'm currently running multiple instances of pftpx (bound to 127.0.0.2,
and 127.0.0.3) each sending traffic through different gateways.  Based on
WAN interface status, a pf rdr rule selects the appropriate pftpx instance.
My current goal is to get ftp data connections through, any help or guidance
is much appreciated.

- Raja
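
The bind-before-connect pseudo code from the message above, written out in C as an added example (not code from the original post or from pftpx). The names `connect_from` and `peer_sees_source` are hypothetical, and the self-check uses a constructed loopback listener instead of a real pf setup. It assumes 127.0.0.2 is already a local address (on the BSDs, via the `lo0` alias described above).

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill a sockaddr_in from a dotted-quad string; returns 0 on success. */
static int make_addr(struct sockaddr_in *sa, const char *ip, unsigned short port) {
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    sa->sin_port = htons(port);
    return inet_pton(AF_INET, ip, &sa->sin_addr) == 1 ? 0 : -1;
}

/* Connect to dst_ip:port with src_ip as the source address. Binding to port 0
 * lets the kernel pick the source port. Returns the fd, or -1 on failure. */
int connect_from(const char *src_ip, const char *dst_ip, unsigned short port) {
    struct sockaddr_in src, dst;
    if (make_addr(&src, src_ip, 0) || make_addr(&dst, dst_ip, port)) return -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0 ||
        connect(fd, (struct sockaddr *)&dst, sizeof(dst)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check: listen on 127.0.0.1, connect from src_ip, and return
 * 1 if the listener sees src_ip as the peer, 0 if it does not, -1 on error. */
int peer_sees_source(const char *src_ip) {
    struct sockaddr_in la, peer, want;
    socklen_t len = sizeof(la), plen = sizeof(peer);
    int ok = -1, cfd = -1, afd = -1, lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0 || make_addr(&la, "127.0.0.1", 0) || make_addr(&want, src_ip, 0) ||
        bind(lfd, (struct sockaddr *)&la, sizeof(la)) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&la, &len) < 0) goto out;
    if ((cfd = connect_from(src_ip, "127.0.0.1", ntohs(la.sin_port))) < 0) goto out;
    if ((afd = accept(lfd, (struct sockaddr *)&peer, &plen)) < 0) goto out;
    ok = peer.sin_addr.s_addr == want.sin_addr.s_addr;
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return ok;
}

int main(void) { return peer_sees_source("127.0.0.2") == 1 ? 0 : 1; }
```

If `bind()` fails with the address not configured, `connect_from` returns -1 without attempting the connection, so traffic never silently leaves from the default source address.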
