Hello to all,

I'm trying to set up a multi-WAN OpenBSD firewall. I need to use Squid,
but I cannot set it up with rdr and round-robin. When I configure the rdr
options, it never goes out for WWW. I paste my config below. One ISP is the
default gw; I need to do this because FTP through NAT and round-robin
doesn't work, but with this setup it works fine. With round-robin I get
load balancing for web surfing, but with rdr it does not work. Does someone
know why?

lan_net = "192.168.10.0/24"
int_if  = "re0"
ext_if1 = "em0"
ext_if2 = "em1"
ext_if3 = "re1"
ext_gw1 = "192.168.4.1"  #a
ext_gw2 = "192.168.3.1"  #b
ext_gw3 = "192.168.1.1"  #c Default GW /etc/mygate


set limit frags 30000
set reassemble yes
match in all scrub ( no-df random-id  )
set skip on lo

# Nat Definitions
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)


# Block and log all by default
block log (all)



pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if


# FTP

nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr pass on ! egress proto tcp to port { ftp, 9021 } -> 127.0.0.1 \
port 8021
anchor "ftp-proxy/*"
pass in quick on $int_if route-to { ( $ext_if3 $ext_gw3 ) } proto \
{ tcp, udp } from any to any port 21 keep state
pass in quick on $int_if route-to { ( $ext_if3 $ext_gw3 ) } proto \
{ tcp, udp } from any to any port 9021 keep state
pass out quick on $ext_if3



pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) }  round-robin \
proto tcp from $lan_net to any port http

pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto {udp, icmp} from $lan_net to any keep state


pass out quick on {$ext_if1, $ext_if2} proto tcp from any to any \
keep state   #  TCP
pass out quick on {$ext_if1, $ext_if2} proto {udp, icmp} from any to any \
keep state  #  UDP


pass out quick on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \
to any keep state
pass out quick on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \
to any keep state
