Max Laier wrote:
On Monday 09 August 2004 09:07, Muhammad Reza wrote:
Dear Lists,
Can pf rules work together with ipfw rules?
I need pf rules to do some outgoing load balancing, but still need ipfw to do some basic packet filtering, because I have difficulty setting pf rules to default to block when they are applied together with load balancing rules.
Please enlighten me.
While it is possible to use pf and ipfw in conjunction, it is certainly preferable to settle for either one on its own. It should not be too much of a problem to get pf to do what you want/need. If you have more specific questions you can post to [EMAIL PROTECTED]

Dear lists, thanks for the great response. I'm new with pf.
I have a problem making the pf redirect rule forward traffic from the net to my internal DMZ server.
Maybe the problem is that I have an outgoing load balancing rule, which must have no default gateway.
If I apply a default gateway, the redirect rule works fine, but there is no load balancing at all.
These are my rules:
#macros
lan_net = "172.16.0.0/16"
dmz_net = "10.10.10.0/24"
int_if = "xl0"
dmz_if = "rl3"
ext_if1 = "rl0"
ext_if2 = "rl1"
ext_if = "{" $ext_if1 $ext_if2 "}"
gw1 = "202.xxx.254.3"
gw2 = "202.xxx.255.170"
ext_gw1 = "202.xxx.254.1"
ext_gw2 = "202.xxx.255.169"
server_dmz = "10.10.10.2/32"
server_ext = "202.xxx.254.4/32"
# loopback and RFC 1918 space (127.0.0.0/8 is the network form; 127.0.0.1/8 meant the same prefix)
priv_nets = "{ 127.0.0.0/8 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 }"
# scrub incoming packets
scrub in all
# nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> $gw1
nat on $ext_if2 from $lan_net to any -> $gw2
nat on $ext_if1 from $dmz_net to any -> $gw1
nat on $ext_if2 from $dmz_net to any -> $gw2
# smtp access from outside
rdr on $ext_if proto tcp from any to $server_ext port smtp -> $server_dmz port smtp
# default to deny
block log all
# pass traffic on the loopback interface in either direction
pass quick on lo0 all
# no RFC 1918 (private) addresses in from or out to the internet interfaces
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
# beastie
pass in on $int_if proto tcp from 172.16.0.228 to any port 22 keep state
# load balancing rules
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state
pass in on $dmz_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $dmz_net to any flags S/SA modulate state
pass in on $dmz_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $dmz_net to any keep state
# general pass out
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
# packets for one external address that the routing table would send out the other interface
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
Please help me.
Regards, Reza
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
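An added example, not part of the thread and not Reza's or Max's ruleset: the pass rules I would add for the redirected SMTP traffic. Two things are visible in the posted pf.conf. First, after "block log all" there is no "pass in" rule on rl0 or rl1 that admits the rdr'd SMTP packets, and pf's filter rules see the packet after rdr has rewritten the destination, so such a rule has to match $server_dmz rather than $server_ext. Second, the DMZ server's replies match the existing state rather than the "pass in on $dmz_if route-to" rules, so with no default route in the kernel routing table they have nowhere to go; pf's reply-to option pins the reply path to the gateway of the interface the connection arrived on. The macros are the ones from the posted ruleset; whether this alone explains the symptom described in the thread is my assumption, not something the page confirms.

```pf
# Added example (not from the original post). Assumes the macros from the
# posted pf.conf: $ext_if, $ext_if1, $ext_if2, $ext_gw1, $ext_gw2,
# $server_ext, $server_dmz. Put these after "block log all".

# rdr as posted: rewrite the public address to the DMZ host before filtering
rdr on $ext_if proto tcp from any to $server_ext port smtp -> $server_dmz port smtp

# Pass the translated packet in on each external interface. The rule matches
# the post-rdr destination ($server_dmz), not the public one. reply-to makes
# state-matched replies from the DMZ server leave through the gateway of the
# interface the SYN came in on, independent of the routing table, so the
# multipath setup can keep running without a default route.
pass in on $ext_if1 reply-to ($ext_if1 $ext_gw1) proto tcp from any to $server_dmz port smtp flags S/SA keep state
pass in on $ext_if2 reply-to ($ext_if2 $ext_gw2) proto tcp from any to $server_dmz port smtp flags S/SA keep state
```

With the default floating state policy the state created by the "pass in" rule also covers the packet when it leaves on $dmz_if, so no separate "pass out on $dmz_if" rule is needed for this flow; the rest of the posted ruleset (nat, route-to load balancing, the RFC 1918 blocks) is unchanged. Check the result with "pfctl -nf /etc/pf.conf" before loading it, and watch "pfctl -ss" for the SMTP state while testing from outside.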