[FUG-BR] PF + Round-robin + squid
João David Prevedello
jd at prevedello.inf.br
Thu Nov 23 14:11:51 BRST 2006
Folks, I am trying to set up a server with two internet links and squid.
However, squid only works with the link that is the server's default gateway.
I have already searched and found threads in the list archive from people who
ran into this, but I did not find a solution.
If I remove squid, the round-robin works fine: traffic goes out sometimes
through link1, sometimes through link2.
The problem is if I have to go out only through link2: from what I have seen,
would I even have to change the default gateway? Can't PF manage this?
When using both with round-robin, does squid go out only through the default?
Is there a way to make it manage this and go out through both as well?
If anyone can help.
Below is my PF.conf
#######################################################################
#General
#######################################################################
set optimization high-latency
scrub in all
WAN_PDH = "wi0"
WAN_ADSL = "fxp0"
ADMIN = "xl0"
HOTEL = "rl0"
GW_PDH = "10.0.0.254"
GW_ADSL = "200.228.39.193"
REDE_HOTEL = "10.0.0.0/24"
REDE_ADMIN = "192.168.1.0/24"
IP_PDH = "10.0.0.200"
IP_ADSL = "200.228.39.210"
#######################################################################
#QoS WAN_PDH
#######################################################################
altq on $WAN_PDH hfsc bandwidth 100Mb queue { defup_pdh, admup_pdh }
queue defup_pdh bandwidth 800Kb hfsc(default)
queue admup_pdh bandwidth 1Mb hfsc(linkshare 1Mb)
#######################################################################
#QoS WAN_ADSL
#######################################################################
altq on $WAN_ADSL hfsc bandwidth 100Mb queue { defup_adsl, admup_adsl }
queue defup_adsl bandwidth 2Mb hfsc(default)
queue admup_adsl bandwidth 2Mb hfsc(linkshare 1Mb)
#######################################################################
#QoS internal network
#######################################################################
altq on $ADMIN hfsc bandwidth 100Mb queue { defdw_lan, admdw_lan, pdhdw_lan, adsldw_lan }
queue defdw_lan bandwidth 128Kb hfsc (default)
queue admdw_lan bandwidth 1Mb hfsc (linkshare 1Mb)
queue pdhdw_lan bandwidth 800Kb hfsc (linkshare 800Kb)
queue adsldw_lan bandwidth 2Mb hfsc (linkshare 2Mb)
########################################################################
#Tables
#######################################################################
table <msn> persist file "/etc/firewall/msn"
table <orkut> persist file "/etc/firewall/orkut"
table <bloqueado> persist file "/etc/firewall/orkut"
table <excessao> persist file "/etc/firewall/excessao"
#######################################################################
#Squid control
#######################################################################
rdr on $ADMIN proto tcp from $REDE_ADMIN to !<excessao> port 80 -> 127.0.0.1 port 3128
#######################################################################
#External redirects to internal machines
#######################################################################
#Cameras
#rdr on $WAN_PDH proto tcp from any to $IP_PDH port 1100 -> 192.168.1.200 port 1100
#Jonis
#rdr on $WAN_PDH proto tcp from any to $IP_PDH port 5500 -> 192.168.1.130 port 5500
#######################################################################
#NAT control
#######################################################################
#NAT for the Cim-Team company
nat on $WAN_PDH from $REDE_ADMIN to any -> ($WAN_PDH)
nat on $WAN_ADSL from $REDE_ADMIN to any -> ($WAN_ADSL)
############################################################################################
#Fix for the FTP problem
############################################################################################
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ADMIN proto tcp from any to any port 21 -> 127.0.0.1 port 8021
############################################################################################
#Redirect DNS to localhost
############################################################################################
rdr on $ADMIN proto udp from any to any port 53 -> 127.0.0.1 port 53
#######################################################################
#Allow rules
#######################################################################
#MSN blocking
#pass quick on $ADMIN from <msn_liberado> to <msn>
#Orkut blocking
#pass quick on $ADMIN from <orkut_liberado> to <orkut>
#######################################################################
#Blocks
#######################################################################
#MSN
#block quick on $ADMIN from any to <msn> label block-msn
#Orkut PDH network
#block quick on $ADMIN from any to <orkut> label orkut
#######################################################################
#Bandwidth controls
#######################################################################
pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto tcp from $REDE_ADMIN to any flags S/SA modulate state
pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto { udp, icmp } from $REDE_ADMIN to any keep state
pass out on $WAN_PDH proto tcp from any to any flags S/SA modulate state
pass out on $WAN_PDH proto { udp, icmp } from any to any keep state
pass out on $WAN_ADSL proto tcp from any to any flags S/SA modulate state
pass out on $WAN_ADSL proto { udp, icmp } from any to any keep state
pass out on $WAN_PDH route-to ($WAN_PDH $GW_PDH) from $WAN_PDH to any
pass out on $WAN_ADSL route-to ($WAN_ADSL $GW_ADSL) from $WAN_ADSL to any