Hi,
I need a help to configure an openBSD server to load balance and failover
internet connection.
I have 2 connections to the internet.
I followed http://www.openbsd.org/faq/pf/pools.html#outgoing but i didn4t get
it working.
I added both routes with:
route add -mpath default 200.162.41.33
route add -mpath default 189.57.43.1
My confs are:
# cat sysctl.conf |grep inet
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4
packets
net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4
multicast packets
net.inet.ip.multipath=1 # 1=Enable IP multipath routing
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6
packets
#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6
multicast packets
#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be
0)
#net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions (for if tcp
is slow)
#net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window increasing
#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
net.inet.carp.log=1 # 1=Enable logging of carp(4) packets
#net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
#
# cat /etc/mygate
#
# cat /etc/pf.conf
lan_net = "10.10.20.0/24"
int_if = "vic0"
ext_if1 = "vic2"
ext_if2 = "vic3"
ext_gw1 = "189.57.43.1"
ext_gw2 = "200.162.41.33"
# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
# default deny
#block in from any to any
#block out from any to any
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $lan_net to any keep state
# general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
# route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
#
I am able to surf at internet from my 10.10.20.0/24 machines, but when i turn
off vic3 my users lost connection.
It seems it4s using as default route the route i added first.
Help me plz.
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.24 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
real mem = 536375296 (511MB)
avail mem = 510218240 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880,
SMBIOS rev . 2.31 @ 0xe0010 (45
entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000
0xcb00 0/0x1000 0xdc000/0x4000!
0xe0000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0
confi gured to compatibility, channel 1
configured to compatibility
wd0 at pciide0 channel 0 drive 0: <VMware Virtual IDE Hard Drive>
wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, DVD-ROM GDR8082N, 0L03> ATAPI 5/cdrom
remo vable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus
disabled
vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xec000000, size 0x4000000
drm at vga1 unsupported
bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: irq 11,
BusLogic 9x xC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets, initiator 7
vic0 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 9, address
00:0 c:29:92:4d:05
vic1 at pci0 dev 18 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 10,
address 00: 0c:29:92:4d:0f
vic2 at pci0 dev 19 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 5, address
00:0 c:29:92:4d:19
vic3 at pci0 dev 20 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 11,
address 00: 0c:29:92:4d:23
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask e945 netmask ef65 ttymask ffff
mtrr: CPU supports MTRRs but not enabled
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
syncing disks... done
rebooting...
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.24 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
real mem = 536375296 (511MB)
avail mem = 510218240 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880,
SMBIOS rev . 2.31 @ 0xe0010 (45
entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000
0xcb00 0/0x1000 0xdc000/0x4000!
0xe0000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0
confi gured to compatibility, channel 1
configured to compatibility
wd0 at pciide0 channel 0 drive 0: <VMware Virtual IDE Hard Drive>
wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, DVD-ROM GDR8082N, 0L03> ATAPI 5/cdrom
remo vable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus
disabled
vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xec000000, size 0x4000000
drm at vga1 unsupported
bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: irq 11,
BusLogic 9x xC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets, initiator 7
vic0 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 9, address
00:0 c:29:92:4d:05
vic1 at pci0 dev 18 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 10,
address 00: 0c:29:92:4d:0f
vic2 at pci0 dev 19 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 5, address
00:0 c:29:92:4d:19
vic3 at pci0 dev 20 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 11,
address 00: 0c:29:92:4d:23
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask e945 netmask ef65 ttymask ffff
mtrr: CPU supports MTRRs but not enabled
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
syncing disks... done
rebooting...
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.20GHz ("GenuineIntel" 686-class) 3.27 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
real mem = 536375296 (511MB)
avail mem = 510218240 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/17/06, BIOS32 rev. 0 @ 0xfd880,
SMBIOS rev . 2.31 @ 0xe0010 (45
entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 04/17/2006
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000
0xcb00 0/0x1000 0xdc000/0x4000!
0xe0000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0
confi gured to compatibility, channel 1
configured to compatibility
wd0 at pciide0 channel 0 drive 0: <VMware Virtual IDE Hard Drive>
wd0: 64-sector PIO, LBA, 8192MB, 16777216 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: <HL-DT-ST, DVD-ROM GDR8082N, 0L03> ATAPI 5/cdrom
remo vable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus
disabled
vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xec000000, size 0x4000000
drm at vga1 unsupported
bha3 at pci0 dev 16 function 0 "BusLogic MultiMaster" rev 0x01: irq 11,
BusLogic 9x xC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets, initiator 7
vic0 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 9, address
00:0 c:29:92:4d:05
vic1 at pci0 dev 18 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 10,
address 00: 0c:29:92:4d:0f
vic2 at pci0 dev 19 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 5, address
00:0 c:29:92:4d:19
vic3 at pci0 dev 20 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq 11,
address 00: 0c:29:92:4d:23
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask e945 netmask ef65 ttymask ffff
mtrr: CPU supports MTRRs but not enabled
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
arp: attempt to add entry for 200.162.41.33 on vic3 by 00:60:2e:10:1e:a3 on
vic0
arp: attempt to add entry for 200.162.41.33 on vic3 by 00:60:2e:10:1e:a3 on
vic2
#
