User Tools
network:packet_filter:load_balance
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
network:packet_filter:load_balance [2014/03/05 09:44] tschulz [Route traffic based on destination] |
network:packet_filter:load_balance [2014/03/05 09:44] (current) tschulz [Route traffic based on destination] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| * route-to roundrobin will not work with ftp since every transfer opens up a new connection | * route-to roundrobin will not work with ftp since every transfer opens up a new connection | ||
| * use **round-robin proto tcp from $lan_net to any port !ftp flags S/SA modulate state** to exempt ftp | * use **round-robin proto tcp from $lan_net to any port !ftp flags S/SA modulate state** to exempt ftp | ||
| - | <file config pf.conf> | + | <file pf pf.conf> |
| # --------------- file /etc/pf.conf -------------------- | # --------------- file /etc/pf.conf -------------------- | ||
| lan_net = "10.1.0.0/22" | lan_net = "10.1.0.0/22" | ||
| Line 34: | Line 34: | ||
| ====== Route traffic based on destination ====== | ====== Route traffic based on destination ====== | ||
| * packet filter matches on the last rule that matches, so start with a generic rule and get more specific as you write the config file. | * packet filter matches on the last rule that matches, so start with a generic rule and get more specific as you write the config file. | ||
| - | <file> | + | <file pf> |
| pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto tcp from <dynamic_ips> to <ext_nets> port {80} flags S/SA modulate state | pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto tcp from <dynamic_ips> to <ext_nets> port {80} flags S/SA modulate state | ||
| pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto {udp,icmp} from <dynamic_ips> to <ext_nets> keep state | pass in on $int_if route-to { ($ext_if1 $ext_gw1),($ext_if1 $ext_gw1),($ext_if2 $ext_gw2) } round-robin proto {udp,icmp} from <dynamic_ips> to <ext_nets> keep state | ||
network/packet_filter/load_balance.1394034263.txt.gz · Last modified: 2014/03/05 09:44 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
