Dear list,

I have a question regarding pf rules.
These load balancing rules work fine, but the rules that redirect an
external address/port to an internal address/port do not work. They work
if I skip the load balancing rules.
Another problem is that, with the load balancing rules, the default block
from LAN to any rule is not working. It works if I skip the load
balancing rules.
Is there any idea? Please help me.

# scrub incoming packets
scrub in all

# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> $gw1
nat on $ext_if2 from $lan_net to any -> $gw2
binat on $ext_if1 from $server_int to any -> server_ext

# smtp access from outside and outgoing smtp
rdr on $ext_if1 proto tcp from any to $server_ext port smtp -> $server_int port smtp
pass in on $int_if proto tcp from $lan_net to any port 25 keep state
pass in on $ext_if proto tcp from any to $server_int port 25 keep state
pass out on $int_if proto tcp from any to $server_int port 25 keep state

# default to deny
block log all

# pass traffic on the loopback interface in either direction
#pass quick on lo0 all

# no RFC1819
#block drop in quick on $ext_if from $priv_nets to any
#block drop out quick on $ext_if from any to $priv_nets

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state

# general pass out
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

Regards,
reza