Hi List,

I am trying to load balance outgoing web traffic (http, https) with a failover feature with PF, i.e. load balance port 80 and 443 web traffic from our LAN between both ISPs. If one ISP goes down, the other will take on 100% of the web traffic.

My PF firewall (OpenBSD 5 - 64 bit) has 4 network cards. They are as follows:

#dmz interface
dmz_if="ne0"
#wan interface
wan_if="ne1"
#adsl interface
adsl_if="ne2"
#internal interface - LAN interface
int_if="pcn0"

Squid is running as a transparent proxy. So, all LAN PCs access the internet (port 80 traffic) via the squid proxy.

Currently, the default route has been set to the adsl router. The IP of the adsl router is in the /etc/mygate file. Without changing the /etc/mygate file (i.e. without removing /etc/mygate), I want to load balance outgoing web traffic (http and https) with failover. I think it is possible. I am trying with the route-to option. But I still can NOT achieve it.

Here are a few sites I am studying.

http://www.openbsd.org/faq/pf/pools.html#outgoing

Anyway, in the above URL, Squid is NOT included.

Here's another. (Squid is NOT included there too.)

https://calomel.org/pf_config.html

Example is - Two external ISP connections using route-to and round-robin

I do need squid for port 80 traffic (http).

How can I achieve it?

Here are a few rules in pf.conf:

# options
set block-policy return
set loginterface $adsl_if
set skip on lo

# match rules
match out on $adsl_if from $lan_net nat-to ($adsl_if)
match out on $wan_if from $lan_net nat-to ($wan_if)

# filter rules
block in log
#block out log
pass out quick log
antispoof quick for { lo $int_if }

# for squid
pass in log on $int_if proto tcp from $lan_net to any port 80 \
    rdr-to 127.0.0.1 port 3128

Could you please help me to solve it? If you need more info, I would like to provide it.

--
Thank you
Indunil Jayasooriya
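An added example, not the poster's pf.conf and not taken from the OpenBSD FAQ, showing the route-to round-robin rule for the forwarded HTTPS traffic next to the existing squid redirect, with comments on what it does and does not cover; the interface names are from the post, while the gateway addresses and the LAN prefix are assumed placeholders.

```pf
# Added example, not the poster's ruleset. Interface names are from the post;
# the gateway addresses and the LAN prefix are ASSUMED placeholders.
wan_if="ne1"
adsl_if="ne2"
int_if="pcn0"
wan_gw="192.0.2.1"         # ASSUMED: next hop on the WAN link
adsl_gw="198.51.100.1"     # ASSUMED: adsl router (the address kept in /etc/mygate)
lan_net="192.168.1.0/24"   # ASSUMED: LAN prefix behind $int_if

set block-policy return
set skip on lo

# NAT to the address of whichever uplink a packet actually leaves on (as in the post).
match out on $adsl_if from $lan_net nat-to ($adsl_if)
match out on $wan_if  from $lan_net nat-to ($wan_if)

block in log
pass out quick log
antispoof quick for { lo $int_if }

# Port 80: redirected to the transparent squid on this host (from the post).
# Squid then opens its own upstream connection, which leaves by the kernel's
# default route (/etc/mygate, the adsl router); the route-to rule below does
# not touch it, because that rule only matches traffic forwarded from the LAN.
pass in log on $int_if proto tcp from $lan_net to any port 80 \
    rdr-to 127.0.0.1 port 3128

# Port 443: forwarded LAN connections are spread over both uplinks, one uplink
# per connection. sticky-address keeps a given client on one uplink so its
# translated source address does not change between connections; the PF state
# created here keeps the replies on the same path.
pass in log on $int_if proto tcp from $lan_net to any port 443 \
    route-to { ($wan_if $wan_gw), ($adsl_if $adsl_gw) } round-robin sticky-address

# Caveat: route-to does not check whether an uplink is alive; a dead gateway
# keeps receiving its share of new connections until the ruleset is changed.
# Failover needs an external link monitor (for example ifstated(8)) that
# loads a ruleset without the dead entry when a link goes down.
```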

