User Tools
network:packet_filter:load_balance
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
network:packet_filter:load_balance [2014/03/05 09:41] tschulz |
network:packet_filter:load_balance [2014/03/05 09:44] tschulz |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| * route-to roundrobin will not work with ftp since every transfer opens up a new connection | * route-to roundrobin will not work with ftp since every transfer opens up a new connection | ||
| * use **round-robin proto tcp from $lan_net to any port !ftp flags S/SA modulate state** to exempt ftp | * use **round-robin proto tcp from $lan_net to any port !ftp flags S/SA modulate state** to exempt ftp | ||
| - | <file config pf.conf> | + | <file pf pf.conf> |
| # --------------- file /etc/pf.conf -------------------- | # --------------- file /etc/pf.conf -------------------- | ||
| lan_net = "10.1.0.0/22" | lan_net = "10.1.0.0/22" | ||
| Line 33: | Line 33: | ||
| ====== Route traffic based on destination ====== | ====== Route traffic based on destination ====== | ||
| + | * packet filter matches on the last rule that matches, so start with a generic rule and get more specific as you write the config file. | ||
| <file> | <file> | ||
| pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto tcp from <dynamic_ips> to <ext_nets> port {80} flags S/SA modulate state | pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto tcp from <dynamic_ips> to <ext_nets> port {80} flags S/SA modulate state | ||
| Line 41: | Line 42: | ||
| </file> | </file> | ||
| - | |||
network/packet_filter/load_balance.txt · Last modified: 2014/03/05 09:44 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
