Policy routing and load balancing over two uplinks with pf


The pf.conf is as follows:
# connected to the internal network (LAN)
lan_net = "192.168.0.0/24" 
int_if = "msk0" 
# connected to China Telecom
ext_if1 = "fxp0" 
# connected to China Netcom
ext_if2 = "fxp1" 
ext_gw1 = "192.168.2.248" 
ext_gw2 = "10.10.10.1" 


# nat outgoing connections on each internet interface 

nat on $ext_if1 from $lan_net to any -> ($ext_if1) 
nat on $ext_if2 from $lan_net to any -> ($ext_if2) 

# everything is passed by default; the default-deny rules below are commented out
pass in all
pass out all
# default deny 
#block in from any to any 
#block out from any to any 

# policy routing rules follow
# Telecom's DNS servers go out via the Telecom line
pass in quick on $int_if route-to ($ext_if1 $ext_gw1) from any to {202.103.224.68 202.103.225.68} 

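# Web traffic goes via Telecom (as written, this rule routes to $ext_if2/$ext_gw2, which is the Netcom line defined above)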
pass in quick on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from any to any port 80 

# dual-uplink load balancing follows, copied from the book
# pass all outgoing packets on internal interface 
pass out on $int_if from any to $lan_net 
# pass in quick any packets destined for the gateway itself 
pass in quick on $int_if from $lan_net to $int_if 
# load balance outgoing tcp traffic from internal network. 
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state 
# load balance outgoing udp and icmp traffic from internal network 
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state 

# general "pass out" rules for external interfaces 
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state 
pass out on $ext_if1 proto { udp, icmp } from any to any keep state 
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state 
pass out on $ext_if2 proto { udp, icmp } from any to any keep state 

# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for $ext_if2 and $ext_gw2 
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any 
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
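
An added example, not part of the original post: a small Python model of how pf picks the deciding rule for the first packet of a connection arriving on $int_if under the ruleset above (the last matching rule wins, and a matching `quick` rule stops evaluation). The gateway address 192.168.0.1 and the sample packets are constructed assumptions.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.0.0/24")   # $lan_net
GW_ADDR = "192.168.0.1"                        # assumed address of $int_if (not in the post)
TELECOM_DNS = {"202.103.224.68", "202.103.225.68"}
POOL = "round-robin fxp0/fxp1"

def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN

# (label, quick, match, route) for inbound rules on $int_if, in pf.conf order
RULES = [
    ("pass in all", False, lambda p: True, "routing table"),
    ("DNS policy", True, lambda p: p["dst"] in TELECOM_DNS, "fxp0"),
    ("web policy", True, lambda p: p["proto"] == "tcp" and p["dport"] == 80, "fxp1"),
    ("to gateway", True, lambda p: in_lan(p["src"]) and p["dst"] == GW_ADDR, "routing table"),
    ("balance tcp", False, lambda p: p["proto"] == "tcp" and in_lan(p["src"]), POOL),
    ("balance udp/icmp", False, lambda p: p["proto"] in ("udp", "icmp") and in_lan(p["src"]), POOL),
]

def evaluate(pkt, rules=RULES):
    """Last matching rule wins; a matching quick rule ends evaluation at once."""
    decided = None
    for label, quick, match, route in rules:
        if match(pkt):
            decided = (label, route)
            if quick:
                break
    return decided

def drop_quick(rules=RULES):
    """Same rules with every 'quick' removed, to show what the keyword changes."""
    return [(label, False, match, route) for label, _, match, route in rules]

def pkt(dst, proto, dport=None, src="192.168.0.10"):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

# Constructed sample packets (203.0.113.5 is a documentation address)
SAMPLES = {
    "dns": pkt("202.103.224.68", "udp", 53),
    "web": pkt("203.0.113.5", "tcp", 80),
    "https": pkt("203.0.113.5", "tcp", 443),
    "gw_ssh": pkt(GW_ADDR, "tcp", 22),
    "gw_web": pkt(GW_ADDR, "tcp", 80),
}

if __name__ == "__main__":
    for name, p in SAMPLES.items():
        print(name, evaluate(p), "| without quick:", evaluate(p, drop_quick()))
```

In this model, TCP port 80 traffic addressed to the gateway itself is decided by the web policy rule, because that `quick` rule appears before the "destined for the gateway itself" rule. Without `quick`, every policy rule is overridden by the later round-robin rules.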