There is documentation and a quick-and-dirty example in the PF
User's Guide:
http://openbsd.org/faq/pf/pools.html#outgoing
On Tue, Aug 23, 2011 at 03:00:51AM -0700, elerdin wrote:
Hallo, I have two internet connections and I want to use both with a
round-robin load balancing, only for outgoing
Jose Mejia wrote:
Hi all here we go again with that matter :
We've a firewall with 4 interfaces (2 outside to two differents routers and
ISPs,1 inside and 1 DMZ),the machine is running a Squid web proxy too, we
wanna make balancing on outgoing connections only for the web traffic, we
have
Hi
Since all interfaces have 192.168.x.x ips then are you sure whats are
ips and netmasks ot you routers.If you routers have different netmask
than yours.
Please use pfctl -vsr and see what rules are evaluationed.Use pftop
from ports to debug connections.
Cheers
Tihomir
--- Jose Mejia [EMAIL
Hi Tihomir...thks for the response
I think SQUID is running fine, my default gw is ext_if, I was playing with
multipath too without
results.the conf file is really in disorder due to the try-out and
continous changes, I'm sorry
Now I'm not with the machine, but tomorrow I'll post
--- Jose Mejia [EMAIL PROTECTED] wrote:
Hi all here we go again with that matter :
We've a firewall with 4 interfaces (2 outside to two differents
routers and
ISPs,1 inside and 1 DMZ),the machine is running a Squid web proxy
too, we
wanna make balancing on outgoing connections only
Down rule will work if your default gateway is on $ext_if
pass out quick on $ext_if route-to ($ext_if2 $ext_gw2) from any to any port
www keep state probability 50%
It doesn't work either, I didn't debug it, but it seems packets going out
from ext_if2 are coming back to ext_if 1 too
The
[EMAIL PROTECTED] wrote:
Hi all :
We've a firewall with 4 interfaces (2 outside to two
differents routers and
ISP,1 inside and 1 DMZ),the machine is running a Squid web proxy too,
we wanna make balancing on outgoing connections only for the
web traffic, we
have get to do that, and now the
Hi Stevethat's the problem, maybe the NAT rules are not right, (i've
tried with others without result)
but i think the key is in the stateful inspection...or maybe all the
idea is not well configured
Greetings
Jose M
Hi all :
We've a firewall with 4 interfaces (2 outside to
Lucas wrote:
i have done it this way, but still have some problems:
10.1.1.1 (M)
|---gw1 - |
LAN--| || - WAN
|---gw2 - |
(10.1.1.1) (B)
gw2 just have a backup carp interface
gw1 is carp master with
i tried with it, but it works if i have a machine in the middle. like this:
GW2
LAN - obsd (load balancer with route-to) -- GW1 WAN
Hi
Can you post your pf.conf and output from ifconfig?
--- Lucas [EMAIL PROTECTED] wrote:
i tried with it, but it works if i have a machine in the middle. like
this:
GW2
LAN - obsd (load balancer with
On 09/22/2005 04:51:37 PM, Lucas wrote:
i have done it this way, but still have some problems:
I am sorry. I'm afraid I may not have understood your
initial diagram. (I like to see the machines, with
each interface and it's assigned IP, and the network
number/netmask of the networks
i have done it this way, but still have some problems:
10.1.1.1 (M)
|---gw1 - |
LAN--| || - WAN
|---gw2 - |
(10.1.1.1) (B)
gw2 just have a backup carp interface
gw1 is carp master with 10.1.1.1
nat is
On Wed, 21 Sep 2005 17:05:23 -0300
Lucas [EMAIL PROTECTED] wrote:
i'm working with 3 gateways and want to load balance between them.
after a failure with layer 2 (carp arpbalance) balancing, i tried to
do it with pf.
the most logical way to do it is with a machine before the gateways
On Wed, Mar 23, 2005 at 10:47:34PM -0800, Kevin wrote:
yet this does not:
rdr on $ext proto tcp from any to web_servers_ext port 80 - \
web_servers_int round-robin sticky-address
There was a bug fixed recently where pf would fail to select a
translation when a rule did
yet this does not:
rdr on $ext proto tcp from any to web_servers_ext port 80 -
\
web_servers_int round-robin sticky-address
There was a bug fixed recently where pf would fail to select a
translation when a rule did not have an explicit (or implicit) address
On Mon, Nov 15, 2004 at 05:22:36PM -0500, dormando wrote:
I understand there's software like slbd which will add/remove servers
from a round-robin mechanism, but I would like to know if there are
any current plans for expanding on PF's internal load balancing
systems? I won't put out a
On Aug 7, 2004, at 03:05, Reza Muhammad wrote:
binat on $ext_if1 from $server_int to any - server_ext
Why do you need this line? I'm currently doing a simply RDR (like you
do further in your pf.conf) and have a PASS rule. Here are the relevant
lines from my pf.conf:
[...]
rdr on $ext_all proto
18 matches
Mail list logo
