DaemonForums  

Load balancing network traffic with PF

Posted by eherrera, 23rd May 2012

I have OpenBSD running as a firewall on a PC with 3 network interfaces; one is used for the intranet and the other two for the external network. I was expecting to do load balancing to improve the use of the two external connections, so I found this code in the PF FAQ:

Code:
lan_net = "192.168.0.0/24"
int_if  = "dc0"
ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "aaa.bbb.ccc.ddd"
ext_gw2 = "eee.fff.ggg.hhh"

#  nat outgoing connections on each internet interface
match out on $ext_if1 from $lan_net nat-to ($ext_if1)
match out on $ext_if2 from $lan_net nat-to ($ext_if2)

#  default deny
block in
block out

#  pass all outgoing packets on internal interface
pass out on $int_if to $lan_net
#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
#  load balance outgoing traffic from internal network. 
pass in on $int_if from $lan_net \
    route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
    round-robin
#  keep https traffic on a single connection; some web applications,
#  especially "secure" ones, don't allow it to change mid-session
pass in on $int_if proto tcp from $lan_net to port https \
    route-to ($ext_if1 $ext_gw1)

#  general "pass out" rules for external interfaces
pass out on $ext_if1
pass out on $ext_if2

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 from $ext_if2 route-to ($ext_if2 $ext_gw2)
pass out on $ext_if2 from $ext_if1 route-to ($ext_if1 $ext_gw1)
It is supposed to do exactly what I want; the problem comes at

Code:
#  keep https traffic on a single connection; some web applications,
#  especially "secure" ones, don't allow it to change mid-session
pass in on $int_if proto tcp from $lan_net to port https \
    route-to ($ext_if1 $ext_gw1)
Here is my question: what happens if ext_if1 is down? Is there some way to recognize when an interface is down and switch among them?

Last edited by ocicat; 23rd May 2012 at 11:15 PM. Reason: redacting public IP addresses -- spammers may harvest these...
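
One way to approach the question above, as an added example that is not part of the original post or the PF FAQ: choose the HTTPS `route-to` target from link state and load it into an anchor. The anchor name `https_failover`, the helper names and the `ifconfig` excerpts are assumptions constructed for illustration; it presumes the static HTTPS rule in pf.conf is replaced by `anchor "https_failover"`, and the rule text keeps the post's `route-to` syntax.

```sh
#!/bin/sh
# Added example: pick the HTTPS route-to target from link state.
# Values mirror the post's macros; the gateways are the post's redacted placeholders.
lan_net="192.168.0.0/24"; int_if="dc0"
ext_if1="fxp0"; ext_gw1="aaa.bbb.ccc.ddd"
ext_if2="fxp1"; ext_gw2="eee.fff.ggg.hhh"
anchor="https_failover"   # assumed anchor name, referenced from pf.conf

# Constructed ifconfig excerpts (not captured from a real host).
sample_up='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active'
sample_down='fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier'

# Read ifconfig output on stdin; print "up" if it reports carrier, else "down".
state_of() {
    if grep -q '^[[:space:]]*status: active'; then echo up; else echo down; fi
}

# $1/$2 = state of ext_if1/ext_if2. Print the rule pinning HTTPS to the first
# live link; print nothing and return 1 if both links are down.
https_rule() {
    if [ "$1" = up ]; then
        rt_if=$ext_if1; rt_gw=$ext_gw1
    elif [ "$2" = up ]; then
        rt_if=$ext_if2; rt_gw=$ext_gw2
    else
        return 1
    fi
    echo "pass in on $int_if proto tcp from $lan_net to port https route-to ($rt_if $rt_gw)"
}

if [ "${1:-}" = "--apply" ]; then
    # On the firewall (as root, e.g. from cron): replace the anchor's contents.
    # With both links down the anchor is emptied and the round-robin rule applies.
    s1=$(ifconfig "$ext_if1" | state_of)
    s2=$(ifconfig "$ext_if2" | state_of)
    https_rule "$s1" "$s2" | pfctl -a "$anchor" -f -
else
    # Offline demo on the constructed samples: ext_if1 down, ext_if2 up.
    https_rule "$(printf '%s\n' "$sample_down" | state_of)" \
               "$(printf '%s\n' "$sample_up" | state_of)"
fi
```

Carrier state only catches a dead local link, not an outage further upstream, and states already created by the previous rule persist until they expire or are cleared.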