Friday 29 of February 2008 17:28:07 napisałeś(-łaś):
> Am Fr, 29.02.2008, 16:35, schrieb Bartosz Giza:
> > Hi,
> >
> > I have to do such a thing like redirecting connections to port 80 based
> > on probability. For example i need to redirect 10% requests to my web
> > server and
> > other 90% of requests should go to the original location.
> >
> > I know that pf has probability feature but there is no probability option
> > for
> > rdr rules. I have tryied couple of methods that could work but they
> > didn't
> >
> > :(
> >
> > The problem is that rdr rules works on incoming packets so i can't use
> > them
> > dirrectly because i don't want to redirect all packets to different
> > location.
> >
> > Could somebody tell me is such a thing possible in pf ? If yes please
> > point me
> > how is that possible.
>
> Say you want to share 1/3 -> IP_A and 2/3 -> IP_B (for the sake of
> brevity):
>
> rdr on $ext_if proto tcp from any to any port 80 \
> -> { $IP_B, $IP_A, $IP_B } round-robin
>
> This also works with random pool selection. src-hash and bitmask are
> obviously another story. sticky-address might also skew the results, but
> could be a good idea nontheless.
Hmm the problem is that i need to redirect only some % of packages and others
leave untouched (no rdr) But in this example i have to put redirection
addresses but i don't know them.
Exactly what i need is to redirect some percentage of all web connections to
my www server where would be page with some information for a client. The
rest of those connections would be passed without redirection. So i need
something like this:
rdr on $int_if inet proto tcp from someip to any port 80 probability 0.1 ->
mywebserver
But the problem is rdr rule does not understand probability keyword.
For now i don't have a clue how to do this with pf.
Other question is where can i use such a rule:
rdr on $int_if inet proto tcp from someip to any port 80 tagged key -> mywebsr
I can't really imagine how can i use key word tagged with rdr rule. What i
know rdr are done on packets that come in to the iface and it is done on the
begining. So i can't imagie situation where can i use such a construcion.
--
Pozdrawiam
Bartosz Giza
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
