On Tuesday 04 October 2005 01:54 am, Manpreet Singh Nehra wrote:
> ####################################################
> #NAT Rules
> ####################################################
> #Local Lan to Internet
> nat on $ext_if1 from $lan_net to any -> ($ext_if1)
> nat on $ext_if2 from $lan_net to any -> ($ext_if2)
> nat on $ext_if3 from $lan_net to any -> ($ext_if3)
> nat on $ext_if4 from $lan_net to any -> ($ext_if4)
<snip>
> #############################################################
> #Load Balancing
> #############################################################
> pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2
> $ext_gw2), ($ext_if3 $ext_gw3), ($ext_if4 $ext_gw4) } round-robin
> from $lan_net to any keep state
<snip>
> pass out on $ext_if4 route-to ($ext_if4 $ext_gw3) from
> $ext_if3 to any
> pass out on $ext_if4 reply-to ($ext_if4 $ext_gw3)
> from $ext_if3 to any

I'm just learning pf and have been watching this thread hoping to glean some insight in case I ever have such a situation. But at the risk of intense humiliation I will offer some thoughts that may spark a dialog from which to learn.

Basically I'm wondering if, instead of the route-to/reply-to method, the above NAT and load balancing rules can be replaced with something like:

nat on !($int_if) from $lan_net to any -> <gateway_addresses> \
    round-robin sticky-address

Also wondering if the four routers couldn't be patched into a switch along with one and only one "ext_if" card to simplify matters even further.

Chris