Quoting Steven Surdock <[EMAIL PROTECTED]>:
Rajkumar S. wrote:
...
I am not sure I understand you here correctly.
When trying to load balance connections from a local daemon (like
squid) I can use a rule like (typing from memory)
    pass out on $ext_if1 route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $ext_if1 to any flags S/SA modulate state
and packets go via both gateways load balanced, but with the same source
IP, that of the default gateway (usually). The only step missing is
NATing packets on the non-default gateway to its IP so that all packets
exit with the correct source IP.
In fact I had used another box in front of second link just to do
NATing and load balancing was working correctly.
I have tried various combinations of nat rules, but none of them were
matching. So this is the exact problem I am facing/trying to solve.
Thanks again for your answers,
Oh, interesting. I was under the impression that it would not route
properly at all. I'm not sure how to work around the NAT'ing issue
though, aside from using another box.
I have not yet looked into the code, but if someone familiar with the
code can give an indication that this is solvable (i.e. not something
fundamentally impossible to do with the current pf architecture), I can
look at the code and try to get NAT to work for packets matched by "pass
out on $ext_if1 route-to" rules.
raj