On Mon, May 06, 2019 at 10:47:39PM +0200, Thomas Huber wrote:
> Hi tech@,
> 
> after struggling a while to set up a load-balancer, I've finally managed it.
> At least not as I originally had in mind but it works.
> 
> During this kind of learning process I read the faq quite often and over
> again.
> Now, after I dived into the rabbit hole of pf I think the /faq/pf/pools.html
> site is a little outdated and leads in the wrong directions when getting
> started.
> 
> My attached diff basically simplifies (from my point of view) the sections
> for loadbalancing outgoing traffic. I make heavy use of interface modifiers -
> which are awesome btw - in the examples and removed some unnecessary rules in
> the pf.conf example at the bottom. For me it gets more clear to read an
> example with these modifiers than a random IP address or named macros.
> Also I removed the special treatment of https connections. I'd say that the
> majority of http connections are https and there are fewer "broken" webapps
> out there that utilize the IP for a login-session. Actually I didn't come
> across these problems in the wild. But I put a hint how to handle it at the
> bottom (stolen from the NAT section) but I would give this a priority anymore.
> 
> And I added the 'least-state' method to the introduction.
> 
> And it's my first diff and my first contribution... hope it's technically done
> right.
> The diff is created with git from the repo hosted on github.com:
> 
> diff --git faq/pf/pools.html faq/pf/pools.html
[...]
>  <pre class="cmdbox">
> -lan_net = "192.168.0.0/24"
> -int_if  = "dc0"
> -ext_if1 = "fxp0"
> -ext_if2 = "fxp1"
> -ext_gw1 = "198.51.100.100"
> -ext_gw2 = "203.0.113.200"
> -
> -#  nat outgoing connections on each internet interface
> -match out on $ext_if1 from $lan_net nat-to ($ext_if1)
> -match out on $ext_if2 from $lan_net nat-to ($ext_if2)
> +match out on pppoe0 from em0:network nat-to (pppoe0:0)
> +match out on em2 from em0:network nat-to (em2:0)
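
Review bot: The two added match rules hardcode pppoe0, em0 and em2 where the removed lines used the $lan_net, $int_if, $ext_if1 and $ext_if2 macros, so a reader adapting the example has to edit every rule instead of one macro block. The interface modifiers work on macros as well, so something like "from $int_if:network nat-to ($ext_if1:0)" keeps both. Note also that nat-to (pppoe0:0) is not a straight rewrite of the removed nat-to ($ext_if1): the :0 modifier excludes interface aliases, which deserves a sentence in the surrounding text, and the removed comment "# nat outgoing connections on each internet interface" has no replacement.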

Hi

I have no opinion about the technical changes, but you must keep the
macros instead of adding your interface names and addresses everywhere
in the examples instead of using the macros.
