Boa tarde pessoal!
Estou tentando colocar para funcionar um balanceamento de link (EM
FREEBSD-7.2-RELEASE) aqui em meu laboratorio de testes, mas estou
derrapando em alguma coisa.
Segui os exemplos que peguei na NET, em especial o tutorial do PF no
site do OpenBSD, e outros exemplos que encontrei garimpando, mas nao
esta dando certo.
Abaixo tem os arquivos de configuracao deste sistema em questao:
/etc/sysctl.conf, /etc/rc.conf e /etc/pf.conf, e tambem a saida do
comando: netstat -rn, para que vejam minha tabela de roteamento.
Para ser bem sincero, acho que meu erro esta no roteamento. Se olharem
ali no arquivo rc.conf, poderao notar que nao coloquei nenhuma rota
padrao, porque em meu entendimento, as duas rotas deveriam ficar
ativas pela opcao "route-to" do pf.conf. Mas nao sei o porque nao esta
funcionando.
Por favor, se alguem soubre o que estou fazendo de errado e puder me
indicar o caminho eu agradeco.
##############################
######### SYSCTL.CONF #######
lb# more /etc/sysctl.conf
net.inet.ip.forwarding=1
#############################
######### RC.CONF ###########
lb# more /etc/rc.conf
hostname="lb.localhost.br"
ifconfig_re0="inet 192.168.230.254 netmask 255.255.255.0" # REDE LOCAL
ifconfig_re1="inet 10.0.0.2 netmask 255.0.0.0" # LINK INTERNET 1
ifconfig_re2="inet 172.16.0.2 netmask 255.255.0.0" # LINK INTERNET 2
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
############################
######## PF.CONF ###########
int_if = "re0"
ext_if1 = "re1"
ext_if2 = "re2"
ext_gw1 = "10.0.0.1"
ext_gw2 = "172.16.0.1"
lan_net = "192.168.230.0/24"
ip_fw_internal = "192.168.230.254"
set skip on lo
nat pass on $ext_if1 from $lan_net to any -> ($ext_if1)
nat pass on $ext_if2 from $lan_net to any -> ($ext_if2)
#--- LINK INTERNET 1 -----------------------------------####
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass in log quick on $ext_if1 inet proto tcp from any to any port 22
flags S/SA synproxy state
#--- LINK INTERNET 2 -----------------------------------####
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass in log quick on $ext_if2 inet proto tcp from any to any port 22
flags S/SA synproxy state
#--- Rede Local @ 192.168.230.254/24 -------------------####
pass out log quick on $int_if all modulate state
pass out quick on $int_if inet proto icmp all modulate state
pass in log quick on $int_if all modulate state
pass in quick on $int_if inet proto icmp all modulate state
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $lan_net to any keep state
#--- Loopback @ 127.0.0.1/8 ----------------------------####
pass out quick on lo0 all
pass in quick on lo0 all
###################################
####### NETSTAT -RN ###############
lb# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
10.0.0.0/8 link#2 UC 0 0 re1
10.0.0.1 00:40:f4:fc:ed:2e UHLW 2 0 re1 645
127.0.0.1 127.0.0.1 UH 0 0 lo0
172.16.0.0/16 link#3 UC 0 0 re2
172.16.0.1 link#3 UHLW 1 0 re2
192.168.230.0/24 link#1 UC 0 0 re0
192.168.230.20 00:17:08:31:b8:93 UHLW 1 1809 re0 741
192.168.230.254 00:08:54:45:c1:87 UHLW 1 37 lo0
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
