[FUG-BR] Question about implementing LOAD BALANCE with PF

Cleyton Bertolim cbertolim at gmail.com
Wednesday July 8 15:57:02 BRT 2009


Good afternoon everyone!

I am trying to get link load balancing working (ON
FREEBSD-7.2-RELEASE) here in my test lab, but I am
slipping up on something.
I followed the examples I found on the net, in particular the PF tutorial on the
OpenBSD site, and other examples I dug up, but it is not
working.
Below are the configuration files of the system in question:
/etc/sysctl.conf, /etc/rc.conf and /etc/pf.conf, and also the output of the
command netstat -rn, so that you can see my routing table.
To be quite honest, I think my mistake is in the routing. If you look
at the rc.conf file, you will notice that I did not set any default
route, because in my understanding both routes should be kept
active by the "route-to" option in pf.conf. But I do not know why it is not
working.
Please, if anyone knows what I am doing wrong and can
point me in the right direction, I would be grateful.


##############################
######### SYSCTL.CONF #######
lb# more /etc/sysctl.conf
net.inet.ip.forwarding=1

#############################
######### RC.CONF ###########
lb# more /etc/rc.conf
hostname="lb.localhost.br"
ifconfig_re0="inet 192.168.230.254  netmask 255.255.255.0"   # LOCAL NETWORK
ifconfig_re1="inet 10.0.0.2  netmask 255.0.0.0"   # INTERNET LINK 1
ifconfig_re2="inet 172.16.0.2  netmask 255.255.0.0"   # INTERNET LINK 2

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""

pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""

############################
######## PF.CONF ###########
int_if = "re0"
ext_if1 = "re1"
ext_if2 = "re2"
ext_gw1 = "10.0.0.1"
ext_gw2 = "172.16.0.1"
lan_net = "192.168.230.0/24"
ip_fw_internal = "192.168.230.254"

set skip on lo

nat pass on $ext_if1 from $lan_net to any -> ($ext_if1)
nat pass on $ext_if2 from $lan_net to any -> ($ext_if2)

#--- INTERNET LINK 1 -----------------------------------####
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state

pass in log quick on $ext_if1 inet proto tcp from any to any port 22 flags S/SA synproxy state

#--- INTERNET LINK 2 -----------------------------------####
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

pass in log quick on $ext_if2 inet proto tcp from any to any port 22 flags S/SA synproxy state

#--- Local Network @ 192.168.230.254/24 ----------------####
pass out log quick on $int_if all modulate state
pass out quick on $int_if inet proto icmp all modulate state

pass in log quick on $int_if all modulate state
pass in quick on $int_if inet proto icmp all modulate state

pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $lan_net to any flags S/SA modulate state

pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto { udp, icmp } from $lan_net to any keep state

#--- Loopback @ 127.0.0.1/8 ----------------------------####
pass out quick on lo0 all
pass in quick on lo0 all

###################################
####### NETSTAT -RN ###############
lb# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
10.0.0.0/8         link#2             UC          0        0    re1
10.0.0.1           00:40:f4:fc:ed:2e  UHLW        2        0    re1    645
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.16.0.0/16      link#3             UC          0        0    re2
172.16.0.1         link#3             UHLW        1        0    re2
192.168.230.0/24   link#1             UC          0        0    re0
192.168.230.20     00:17:08:31:b8:93  UHLW        1     1809    re0    741
192.168.230.254    00:08:54:45:c1:87  UHLW        1       37    lo0
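
The rule-ordering question behind the "route-to" paragraph above, as an added example that is not part of the original post: a simplified Python model of pf's filter evaluation (the last matching rule wins, `quick` stops at the first match) run over the `$int_if` rules copied from the posted pf.conf. Matching only on direction, interface and protocol is an assumption of this sketch, and `parse`, `evaluate` and `without_quick` are hypothetical helper names.

```python
import re
# Excerpt of the posted /etc/pf.conf ($int_if section), rule order preserved.
PF_RULES = r"""
pass out log quick on $int_if all modulate state
pass out quick on $int_if inet proto icmp all modulate state
pass in log quick on $int_if all modulate state
pass in quick on $int_if inet proto icmp all modulate state
pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
        { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
        proto { udp, icmp } from $lan_net to any keep state
"""

def parse(text):
    """Parse rules into dicts; only direction, interface and proto are modelled."""
    joined = re.sub(r"\\\n\s*", " ", text)  # join "\" line continuations
    rules = []
    for line in filter(str.strip, joined.splitlines()):
        head = re.match(r"\s*(pass|block)\s+(in|out)\b", line)
        if not head:
            continue
        proto = re.search(r"\bproto\s+(\{[^}]*\}|\S+)", line)
        rules.append({
            "n": len(rules) + 1,  # position in the ruleset
            "dir": head.group(2),
            "if": re.search(r"\bon\s+(\S+)", line).group(1),
            "proto": set(re.findall(r"\w+", proto.group(1))) if proto else None,
            "quick": bool(re.search(r"\bquick\b", line)),
            "route_to": "route-to" in line,
        })
    return rules

def evaluate(rules, direction, iface, proto):
    """pf filter semantics: last match wins, but a 'quick' match stops evaluation."""
    winner = None
    for r in rules:
        if (r["dir"], r["if"]) == (direction, iface) and (r["proto"] is None or proto in r["proto"]):
            winner = r
            if r["quick"]:
                break
    return winner

def without_quick(text):  # what-if variant: same rules, every 'quick' removed
    return re.sub(r"\bquick\s+", "", text)

if __name__ == "__main__":
    for text in (PF_RULES, without_quick(PF_RULES)):
        print([evaluate(parse(text), "in", "$int_if", p)["n"] for p in ("tcp", "udp", "icmp")])
```

In this model every inbound LAN packet ends on rule 3 of the excerpt (`pass in log quick on $int_if all`), so neither `route-to` rule is reached; with `quick` removed, evaluation ends on rules 5 and 6.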

