Further, a shell script could be put as a cron job to ensure that if the default gateway goes down (ISP-A is out) then the default gateway ought to be changed to the next (ISP-B) and a monitoring starts to ensure that ISP-A comes back as default gateway when ISP-A comes back.

In the scenario described above ensure that the "networking" is quickly restarted (without rebooting the entire machine) so that everything settles down 'inside this router box'. This will give a seamless experience to end-users.

Regards,
rka

On 06-Jul-05, at 7:05 AM, Siju George wrote:

On 7/5/05, Eugene <[EMAIL PROTECTED]> wrote:
Good day!

I need help.

I have 2 ISPs connected to my FreeBSD router-firewall with pf.

I need that my local net can connect http through router and squid to ISP-A. But all other packets (POP3, SMTP, DNS, NTP, ...) would go through ISP-B.

My default gateway is through ISP-A.


There are many ways to do this :-)

If I were you and have to meet all conditions said above then I will

1) configure in squid.conf

http_port 127.0.0.1:8080

2) will have the following rdr rules in pf.conf

rdr on $int_if proto tcp from any to any port 80 -> 127.0.0.1 port 8080

( this will force all http through squid listening on 127.0.0.1 port 8080)

rdr on $int_if proto tcp from any to any port 443 -> 127.0.0.1 port 8080

( this will force all https through squid listening on 127.0.0.1 port 8080)

3) will configure in squid.conf

tcp_outgoing_address ip.ip.ip.ip

ip.ip.ip.ip is the IP address of the interface connected to ISP-A.

This will take care of http and https going through squid

Now for forcing all other traffic through ISP-B you can use the
"route-to" option on the internal interface for example

int_if = ""                       # Enter Internal Interface inside quotes
ext_ifB = ""                      # Enter ISP-B's interface inside quotes
ISP_B_gw = ""                     # Enter ISP-B's gateway inside quotes

pass in on $int_if route-to ( $ext_ifB $ISP_B_gw ) from $int_if:network to any keep state
pass in on $int_if inet proto tcp from $int_if:network to any port { 80, 443 }

you might want to refine the sample rules or add more rules to get
your thing done.
also if you can use ISP-B as your default gateway since the majority
of traffic goes through it :-)

hope this helps

good luck

kind regards

Siju
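
The cron-driven gateway check suggested in the first message of this thread could look like the sketch below. It is an added example, not code posted by anyone in the thread; the gateway addresses (constructed placeholders), the function names and the script path are assumptions, and the ping and route invocations are the FreeBSD ones.

```shell
#!/bin/sh
# Added example: default-gateway failover for a two-ISP FreeBSD router, run from cron.
# GW_A / GW_B are constructed placeholder addresses; replace them with the real gateways.
GW_A="${GW_A:-192.0.2.1}"      # ISP-A gateway (preferred default)
GW_B="${GW_B:-198.51.100.1}"   # ISP-B gateway (fallback)

# Pure decision: print the gateway that should be the default route.
# $1 = up/down for ISP-A, $2 = up/down for ISP-B, $3 = current default gateway
choose_gateway() {
    if [ "$1" = up ]; then echo "$GW_A"      # ISP-A wins whenever it is reachable
    elif [ "$2" = up ]; then echo "$GW_B"    # fail over only to a live ISP-B
    else echo "$3"                           # both down: leave the route alone
    fi
}

# Probe a gateway: 3 echo requests, 5 second overall timeout (FreeBSD ping flags).
probe() {
    if ping -c 3 -t 5 "$1" >/dev/null 2>&1; then echo up; else echo down; fi
}

# Read the current default gateway from the routing table.
current_gateway() {
    route -n get default 2>/dev/null | awk '/gateway:/ { print $2 }'
}

failover() {
    cur=$(current_gateway)
    want=$(choose_gateway "$(probe "$GW_A")" "$(probe "$GW_B")" "$cur")
    [ "$want" = "$cur" ] && return 0         # already correct, nothing to change
    # Swap only the default route; no full network restart or reboot is needed.
    if [ -n "$cur" ]; then
        route change default "$want"
    else
        route add default "$want"
    fi
    logger -t gw-failover "default gateway ${cur:-none} -> $want"
}

# /etc/crontab entry (assumed path): * * * * * root /usr/local/sbin/gw-failover.sh --apply
if [ "${1:-}" = "--apply" ]; then failover; fi
```

Probing the gateway address only confirms the first hop is alive, not that the ISP has upstream connectivity. pf rules that use route-to keep steering matching traffic to the interface they name regardless of which default route this script selects.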
