Olha... veja bem...vc precisar usar a opcao "outgoing_address" do squid, pra redirecionar as acls que vc quer que saiam pelo outro gateway, porem, com isso, o squid soh muda o cabecalho do ip, ae, no pf, vc tem q fazer o redirect disso para o segundo dg
Em 23/11/06, João David Prevedello<[EMAIL PROTECTED]> escreveu: > Pessoal estou tentando fazer um server com dois links de internet e squid. > Porem o squid só funciona com o Link que é defaultgateway do servidor. > > Ja dei uma pesquisada e vi histórico na lista de pessoas que passaram por isso > porem não achei solução. > > Se eu retirar o squid o round-robin ta beleza, hora sai pelo link1 hora pelo > link2. > > O problema é se eu tiver que sair apenas pelo link2, pelo que vi teria que > alterar até o default gateway? O PF não consegue gerenciar isso? > > No caso de usar os dois com round-robin o squid sai só pelo default? tenho > como fazer ele gerenciar e sair pelos dois também? > > Se alguem puder ajudar ai. > > Abaixo meu PF.conf > > ####################################################################### > #Geralzao > ####################################################################### > set optimization high-latency > scrub in all > > WAN_PDH = "wi0" > WAN_ADSL = "fxp0" > ADMIN = "xl0" > HOTEL = "rl0" > GW_PDH = "10.0.0.254" > GW_ADSL = "200.228.39.193" > > REDE_HOTEL = "10.0.0.0/24" > REDE_ADMIN = "192.168.1.0/24" > > IP_PDH = "10.0.0.200" > IP_ADSL = "200.228.39.210" > > ####################################################################### > #QoS WAN_PDH > ####################################################################### > altq on $WAN_PDH hfsc bandwidth 100Mb queue { defup_pdh, admup_pdh } > queue defup_pdh bandwidth 800Kb hfsc(default) > queue admup_pdh bandwidth 1Mb hfsc(linkshare 1Mb) > > ####################################################################### > #QoS WAN_ADSL > ####################################################################### > altq on $WAN_ADSL hfsc bandwidth 100Mb queue { defup_adsl, admup_adsl } > queue defup_adsl bandwidth 2Mb hfsc(default) > queue admup_adsl bandwidth 2Mb hfsc(linkshare 1Mb) > > ####################################################################### > #QoS REDE Interna > ####################################################################### > altq on $ADMIN hfsc bandwidth 100Mb queue { defdw_lan, admdw_lan, pdhdw_lan, > adsldw_lan } > queue defdw_lan bandwidth 128Kb hfsc (default) > queue admdw_lan bandwidth 1Mb hfsc (linkshare 1Mb) > queue pdhdw_lan bandwidth 800Kb hfsc (linkshare 800Kb) > queue adsldw_lan bandwidth 2Mb hfsc (linkshare 2Mb) > > > ######################################################################## > #Tabelas > ####################################################################### > > table <msn> persist file "/etc/firewall/msn" > table <orkut> persist file "/etc/firewall/orkut" > table <bloqueado> persist file "/etc/firewall/orkut" > table <excessao> persist file "/etc/firewall/excessao" > > ####################################################################### > #Controle do Squid > ####################################################################### > rdr on $ADMIN proto tcp from $REDE_ADMIN to !<excessao> port 80 -> 127.0.0.1 > port 3128 > > ####################################################################### > #Redirecionamentos Externo para maquinas internas > ####################################################################### > > #Cameras > #rdr on $WAN_PDH proto tcp from any to $IP_PDH port 1100 -> 192.168.1.200 port > 1100 > > #Jonis > #rdr on $WAN_PDH proto tcp from any to $IP_PDH port 5500 -> 192.168.1.130 port > 5500 > > ####################################################################### > #Controle do NAT > ####################################################################### > > #NAT Empresa Cim-Team > nat on $WAN_PDH from $REDE_ADMIN to any -> ($WAN_PDH) > nat on $WAN_ADSL from $REDE_ADMIN to any -> ($WAN_ADSL) > > > ############################################################################################ > #Solucao do problema do FTP > ############################################################################################ > nat-anchor "ftp-proxy/*" > rdr-anchor "ftp-proxy/*" > rdr on $ADMIN proto tcp from any to any port 21 -> 127.0.0.1 port 8021 > > ############################################################################################ > #Redirect DNS para Localhost > ############################################################################################ > rdr on $ADMIN proto udp from any to any port 53 -> 127.0.0.1 port 53 > > ####################################################################### > #Liberacoes > ####################################################################### > > #Bloqueio de MSN > #pass quick on $ADMIN from <msn_liberado> to <msn> > #Bloqueio de Orkut > #pass quick on $ADMIN from <orkut_liberado> to <orkut> > > ####################################################################### > #Bloqueios > ####################################################################### > > #MSN > #block quick on $ADMIN from any to <msn> label block-msn > #Orkut Rede PDH > #block quick on $ADMIN from any to <orkut> label orkut > > ####################################################################### > #Controles de Banda > ####################################################################### > > pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } > round-robin proto tcp from $REDE_ADMIN to any flags S/SA modulate state > pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } > round-robin proto { udp, icmp } from $REDE_ADMIN to any keep state > > pass out on $WAN_PDH proto tcp from any to any flags S/SA modulate state > pass out on $WAN_PDH proto { udp, icmp } from any to any keep state > pass out on $WAN_ADSL proto tcp from any to any flags S/SA modulate state > pass out on $WAN_ADSL proto { udp, icmp } from any to any keep state > > pass out on $WAN_PDH route-to ($WAN_PDH $GW_PDH) from $WAN_PDH to any > pass out on $WAN_ADSL route-to ($WAN_ADSL $GW_ADSL) from $WAN_ADSL to any > > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > -- Atenciosmente Mario Augusto Mania <m3BSD> ----------------------------------------------- [EMAIL PROTECTED] Cel.: (43) 9938-9629 Msn: [EMAIL PROTECTED] ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd