On 7/5/05, Eugene <[EMAIL PROTECTED]> wrote:
> Good day!
>
> I need help.
>
> I have 2 ISPs connected to my FreeBSD router-firewall with pf.
>
> I need that my local net can connect http through router and squid to ISP-A.
> But all other packets (POP3, SMTP, DNS, NTP, ...) would go through ISP-B.
>
> My default gateway is through ISP-A.
>
There are many ways to do this :-)
If I were you and had to meet all the conditions stated above, then I would

1) configure in squid.conf

    http_port 127.0.0.1:8080

2) have the following rdr rules in pf.conf

    rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080
    (this will force all http through squid listening on 127.0.0.1 port 8080)
    rdr on $int_if proto tcp from any to any port 443 -> 127.0.0.1 port 8080
    (this will force all https through squid listening on 127.0.0.1 port 8080)

3) configure in squid.conf

    tcp_outgoing_address ip.ip.ip.ip

ip.ip.ip.ip is the IP address of the interface connected to ISP-A.
This will take care of http and https going through squid.
Now, for forcing all other traffic through ISP-B, you can use the
"route-to" option on the internal interface, for example:

    int_if = "" # Enter Internal Interface inside quotes
    ext_ifB = "" # Enter ISP-B's interface inside quotes
    ISP_B_gw = "" # Enter ISP-B's gateway inside quotes
    pass in on $int_if route-to ( $ext_ifB $ISP_B_gw ) from $int_if:network to any keep state
    pass in on $int_if inet proto tcp from $int_if:network to any port { 80, 443 }

You might want to refine the sample rules or add more rules to get
your thing done.
Also, if you can, use ISP-B as your default gateway, since the majority
of traffic goes through it :-)
hope this helps
good luck
kind regards
Siju
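
The redirect and route-to rules from the reply above, combined into one pf.conf in FreeBSD's pf syntax, as an added example that is not part of the original message. It covers the port 80 case only. Assumptions: the interface names and gateway address are constructed placeholders, the LAN is NATed on both uplinks, squid listens on 127.0.0.1:8080, and the default route points at ISP-A.

```conf
# --- macros (constructed placeholder values, replace with your own) ---
int_if   = "fxp0"        # internal (LAN) interface
ext_if_a = "fxp1"        # interface facing ISP-A (default route)
ext_if_b = "fxp2"        # interface facing ISP-B
gw_b     = "192.0.2.1"   # ISP-B's gateway (documentation address)

# --- translation ---
# NAT on whichever uplink a packet finally leaves through. Packets
# moved to ISP-B by route-to are translated on $ext_if_b.
nat on $ext_if_a from $int_if:network to any -> ($ext_if_a)
nat on $ext_if_b from $int_if:network to any -> ($ext_if_b)

# Hand LAN web requests to the local squid listener.
rdr on $int_if inet proto tcp from $int_if:network to any port 80 \
    -> 127.0.0.1 port 8080

# --- filtering ---
# rdr is applied before filtering, so the filter rules see the rewritten
# destination 127.0.0.1:8080, not port 80. Match that first with "quick"
# so redirected connections are never caught by the route-to rule below.
pass in quick on $int_if inet proto tcp from $int_if:network \
    to 127.0.0.1 port 8080 keep state

# Traffic addressed to the router itself (ssh, local DNS, ...) stays local.
pass in quick on $int_if from $int_if:network to $int_if keep state

# Everything else arriving from the LAN is forced out through ISP-B,
# regardless of the routing table's default gateway.
pass in on $int_if route-to ($ext_if_b $gw_b) \
    from $int_if:network to any keep state

# squid's own outbound connections originate on the router and follow
# the default route to ISP-A (see tcp_outgoing_address in squid.conf).
pass out on $ext_if_a keep state
pass out on $ext_if_b keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches macro and syntax errors before they can cut off a remote session.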