On 2010/01/17 12:08, Steven Surdock wrote:
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of
> > Stuart Henderson
> > Sent: Sunday, January 17, 2010 6:20 AM
> > To: mashenko shenua
> > Cc: [email protected]
> > Subject: Re: Round-robin + Squid + 3 ISP
> >
> > On 2010/01/16 22:00, mashenko shenua wrote:
> > > Can you try it??. Some people tell me I can't use Squid with
> > > round-robin.. I see this for pfsense :
> > >
> > > http://forum.pfsense.org/index.php?topic=7591.msg42943
> >
> > ..
> >
> > Thinking about it some more, perhaps this isn't possible with old
> > PF where nat was handled separately from filter rules; you might need
> > -current to do this...
>
> I think I have seen references to using,
> nat on $ext1 from "self" to any -> ($ext1)
> nat on $ext1 from $internal_net to any -> ($ext1)
> nat on $ext2 from "self" to any -> ($ext2)
> nat on $ext2 from $internal_net to any -> ($ext2)

Ah, that happens before route-to, so you could probably do round-robin
nat to a couple of addresses, and then have route-to punt them to the
correct interface. But I can't test it, any systems that I can experiment
on have been running PF with the new NAT code for several months..

> To guarantee correct outbound addressing. IMHO, this is something that
> Squid should handle...

Well, it's also something PF should handle, there are any number of
reasons you might want to load-balance and you can't expect every app
that makes an outgoing network connection to have a way to set the
source address.

Looks like you can do it with squid 3 using a random ACL.
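
The random-ACL approach mentioned at the end of the message, for the three-ISP case in the subject line, as an added example that is not part of the original post or anyone's actual configuration. The ACL names and the documentation-range addresses are placeholders, and it assumes a Squid 3 build that provides the `random` ACL type.

```conf
# squid.conf fragment (added example; names and addresses are placeholders)
#
# One local source address per ISP. Each address must be configured on
# the Squid host, and the packet filter still has to send traffic from
# each source address out the matching uplink (the route-to step
# discussed in the thread).

# "random" ACLs match pseudo-randomly with the given probability.
acl isp1_pick random 1/3
acl isp2_pick random 1/2

# tcp_outgoing_address lines are checked in order and the first match wins,
# so the probabilities are conditional on the earlier lines not matching:
#   line 1 matches 1/3 of requests
#   line 2 matches 1/2 of the remaining 2/3  -> 1/3 overall
#   line 3 takes whatever is left            -> 1/3 overall
tcp_outgoing_address 192.0.2.10    isp1_pick
tcp_outgoing_address 198.51.100.10 isp2_pick
tcp_outgoing_address 203.0.113.10
```

Writing `1/3` on every line would not give an even split, because the later lines only see requests the earlier lines declined.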
