Using multiple gateways
Hello,
Could I have two gateways for my PC? Here is an example setup:
=====================
NIC - rl0 - IP 192.168.0.50
GW1 - IP 192.168.0.1
GW2 - IP 10.10.10.1
=====================
All of these are connected via simple switches and cables into one network. In order to reach the second GW, should I put an alias on rl0 with an IP in the 10.10.10.0/24 network, or just add a static route to that network via rl0? More - I want to be able to use both gateways to access the Internet. Each of the two shapes its clients to X Mbit, so I want to have a total of 2*X Mbit. I know about adding static routes, and I could set one of the GWs to be used for accessing specific addresses or networks, but I want to dynamically change routes on a round-robin basis. This is how I think of it in a timeline:
- GET page from www.host1.com - GW1 is used
- GET page from www.host2.com - GW2 is used
- connect to ICQ - GW1 is used
- ssh to server1.com - GW2 is used
and so on... Is there a pf based solution for this? I think I've seen something like 'probability match' somewhere in the manual - can I use it? Oh, and why can't I find anything on 'freebsd load balancing' in Google? Is there a reason for this, or am I just misunderstanding the terms?
Have a look at http://openbsd.org/faq/pf/pools.html#outgoing
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
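For reference, this is the outgoing load-balancing pattern the linked FAQ page describes, written out as a constructed example for this thread's two uplinks (it is not the FAQ's text nor the poster's ruleset). It assumes the gateway/firewall topology the FAQ uses: a third NIC, here called em0, facing an internal LAN 10.0.0.0/24; both of those names are assumptions. The balancing applies to connections coming from that LAN, not to connections the gateway itself originates.

```pf
# Constructed example: FAQ-style outgoing load balancing on this thread's uplinks.
int_if  = "em0"            # assumption: internal LAN interface (not in the thread)
lan_net = "10.0.0.0/24"    # assumption: internal LAN
ext_if1 = "rl0"            # uplink 1, address 192.168.1.2, gateway 192.168.1.1
ext_gw1 = "192.168.1.1"
ext_if2 = "re0"            # uplink 2, address 192.168.0.68, gateway 192.168.0.1
ext_gw2 = "192.168.0.1"

# Translate on each uplink to that uplink's own address, so the replies
# come back over the same link the connection left on.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

block in all
block out all

pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if

# The balancing decision is made on packets arriving *in* on the internal
# interface. round-robin alternates per new state, so every packet of one
# TCP connection stays on the uplink its SYN was sent through.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state

# Let the rerouted packets leave on either uplink.
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# The kernel routing table (the default route) still picks the outgoing
# interface first; packets sourced from the other uplink's address are
# pushed back to that uplink's own gateway here.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
```

Keep the default route in place: route-to only overrides the next hop after the kernel has chosen an interface, it does not replace the routing table.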
I've tried to do something with route-to, but no success. Here is the exact situation:
Here is my routing table for IPv4 (I'm not using IPv6, so everything here will be about IPv4):
Code:
[ivanatora] /etc# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0    66819    rl0
127.0.0.1          127.0.0.1          UH          0     6746    lo0
192.168.0.0/24     link#1             UC          0        0    re0
192.168.0.255      ff:ff:ff:ff:ff:ff  UHLWb       1      259    re0
192.168.1.0/24     link#2             UC          0        0    rl0
192.168.1.1        00:19:e0:a0:79:e6  UHLW        2        0    rl0    940
192.168.1.255      ff:ff:ff:ff:ff:ff  UHLWb       1      261    rl0
194.145.63.12      192.168.0.1        UGHS        0       60    re0

Here is my pf.conf:
Code:
### Macros
int_if = "re0"
ext_if = "rl0"
ext_ip = "192.168.1.2"
tcp_services = "{80, https, ssh, domain, 5190, 5222, ftp, whois, 18768, 6881:6889, 1025, 6921}"
udp_services = "{domain, 5190, 5222, ftp, whois, 18768, 1025, 137:139, 6921}"

### Tables
table <aonsu_net> { 192.168.0.34, 192.168.0.223 }

### Options
set block-policy return

### Normalizations
scrub in all

### Queueing

### Translation
nat pass on $ext_if from <aonsu_net> to any -> $ext_ip
# NAT for two other PCs, I don't think it is important, but I decided to show you my full pf.conf

### Filtering
pass on $int_if from <aonsu_net> to any
pass on $ext_if from any to <aonsu_net>
pass on $ext_if proto tcp to any port $tcp_services
pass on $ext_if proto udp to any port $udp_services
pass in on $ext_if proto tcp from any to 192.168.1.2 port 220 label "ssh:)"
# here I've tried some features of PF - labeling
pass out on $ext_if proto tcp to any port 80 label "outgoing http"
#pass out on $ext_if route-to { 192.168.1.1, 192.168.0.1 } round-robin from 192.168.1.2 to any
# I've tried that, don't work
# I've tried these two at the same time - there was example in that way on http://openbsd.org/faq/pf/pools.html#outgoing
#pass out log (to pflog0) on $int_if route-to ( $ext_if 192.168.1.1 ) from $ext_ip to any
#pass out log (to pflog1) on $ext_if route-to ( $int_if 192.168.0.1 ) from 192.168.0.68 to any
#doesn't work too
#pass in on $ext_if route-to { ($ext_if 192.168.1.1) , ($int_if 192.168.0.68) } round-robin from self to any
# I've tried this one, too - doesn't work
pass in on $ext_if route-to ( $ext_if 192.168.1.1 ) from $ext_ip to any

Actually I will try that tomorrow when I get physical access to my PC (I don't want to get cut off from ssh). Oh, and something else - in one case I've tried logging packets to pflog0 and pflog1. When I fire up tcpdump on these interfaces I see not a single packet captured. Could it be that no packet matches these filtering rules?
Last edited by ivanatora; 9th November 2008 at 04:44 PM.
From http://openbsd.org/faq/pf/pools.html#outgoing
Quote:
Code:
               INTERNET        INTERNET
                  |               |
                  |               |
                 adj.            adj.
                router          router
               80.0.0.254     22.0.0.254
                  |               |
                  |               |
                  |               |
               ----|---------------|------
               |  re0            fxp0   |
               | 80.0.0.1      22.0.0.1 |
               |                        |
               |    gateway/firewall    |
               |                        |
               |         rl0            |
               |     192.168.0.1        |
               -----------|--------------
                          |
                          |
                     internal lan
How come their setup is different from mine? IMHO, it is exactly the same. The location of the internal LAN? I don't put it in the game at all. Or do I *need* an internal LAN + a 3rd NIC in order to get load balancing to work?
Btw, I tried with the default gateway removed (route del -net 0.0.0.0 192.168.1.1), and in that case there is no outgoing connection through that link at all. I thought PF would manage routes with that *route-to* keyword, but it seems PF has nothing in common with these routes. Hmmm, something else - is there a daemon that manages routes in a dynamic manner? If yes, can I use it in my case?
The same? I see the addresses of the adjacent routers neither in your diagram, nor mentioned in your pf.conf
Errr, what?
These boxes with IPs - 192.168.0.1 and 192.168.1.1 - are the adjacent routers. Had I not stated it clearly enough, or is someone not wearing his glasses? :P
The big difference is that you are using RFC 1918 addresses and not public ones. For the load balancing ruleset of the OpenBSD user guide you need public IPs.