Hello list,
is it possible to make outgoing traffic load-balance in a way that
connections from the same internal IP to the same external IP always use
the same WAN-connection (at least until the
The example under
> http://www.openbsd.org/faq/pf/pools.html#outexample
circumvents it by u
On Sat, Jan 29, 2011 at 8:12 PM, roberth wrote:
> I'll point out the most obvious:
> Since there are no tagged states, everyone of those three "match" rules
> matches and the last one wins.
Hello Robert,
Thanks for responding, I have changed the rules to tag packets coming
from the laptop but st
Hello list,
I have this page trying to load balance my some of my devices (for now
my laptop as a test) to my second internet connection but have been
unable to make it work.
http://www.openbsd.org/faq/pf/pools.html#outgoing
I would be grateful if someone could explain my own mistakes in that
set
hello misc@
following this post is a example taken from the OpenBSD PF Manual
http://www.openbsd.org/faq/pf/pools.html
I am looking for some Ideas, on how to load balance these connections
without overloading the 512k line (with a simple round robin)
I want to Que the traffic in such a way so i
On Sunday, October 29, 2006, at 15:43:09, Berk D. Demir wrote:
>> We are rdring all traffic between 3 servers in farm: 10.0.0.13,14,15
>> so we are using -k 0.0.0.0/0 :-)
> If you're not using sticky addresses, you don't need the patch.
> If you're using them, you should use the patch and kill th
Sylwester S. Biernacki wrote:
On Friday, October 27, 2006, at 12:23:24, Pete Vickers wrote:
Hi Berk,
I'm really intereted in this. I have a load of legacy tcp session
based load balancing with I'd love to migrate to an OpenBSD/pf based
solution. Do you have a patch with applies cleanly to
On Friday, October 27, 2006, at 12:23:24, Pete Vickers wrote:
> Hi Berk,
> I'm really intereted in this. I have a load of legacy tcp session
> based load balancing with I'd love to migrate to an OpenBSD/pf based
> solution. Do you have a patch with applies cleanly to 4.0 ?
afair this patch i
Pete Vickers wrote:
Hi Berk,
I'm really intereted in this. I have a load of legacy tcp session based
load balancing with I'd love to migrate to an OpenBSD/pf based solution.
Do you have a patch with applies cleanly to 4.0 ?
/Pete
Anyone caring about the patch, please see my recent post to
Hi Berk,
I'm really intereted in this. I have a load of legacy tcp session
based load balancing with I'd love to migrate to an OpenBSD/pf based
solution. Do you have a patch with applies cleanly to 4.0 ?
/Pete
On 26. okt. 2006, at 22.16, Berk D. Demir wrote:
Pete Vickers wrote:
1) Whe
Hi Per-Olav,
If you are dealing with http based services, rather than generic tcp,
then you could take a look at 'pound'. I did a port of it a while
back, and use it in pretty large scale environment here, it supports
sticky backend etc. Works well for me, YMMV.
http://marc.theaimsgroup.c
On Thursday 26 October 2006 22:28, Kevin Reay wrote:
> Hey,
>
> On 10/26/06, Pete Vickers <[EMAIL PROTECTED]> wrote:
> > If I recall correctly,
>
> You don't. :o)
>
> > slbd adds new rules to pf for each incoming
> > tcp session. Since I couldn't get it to work (old version) I do not
> > know what
Hey,
On 10/26/06, Pete Vickers <[EMAIL PROTECTED]> wrote:
If I recall correctly,
You don't. :o)
slbd adds new rules to pf for each incoming
tcp session. Since I couldn't get it to work (old version) I do not
know what the session and Sources tables will look like, but I
suspect there will be
Pete Vickers wrote:
1) When using sticky-address in the rdr rules client-server
associations are added to the internal Sources table.
It is impossible to remove entries for a single backend from this
table. If a backend fails and is removed from the rdr destination
table this tab
Hi,
If I recall correctly, slbd adds new rules to pf for each incoming
tcp session. Since I couldn't get it to work (old version) I do not
know what the session and Sources tables will look like, but I
suspect there will be no problems with them in slbd. Client-server
association is main
On Sunday 22 October 2006 21:13, Kevin Reay wrote:
> On 10/22/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> > Hi again
> >
> > I am looking at the CVS. I can't see its possible to out of the box
> > remove addresses from a round robin scheme in PF against a faulty web
> > server. Am I missing
On Sunday 22 October 2006 17:29, Bill Marquette wrote:
> On 10/22/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> > Hi
> >
> > I have followed this thread. Can anyone point out a working download
> > link? Sourceforge does not have any working mirrors for this
> > slbd-1.3.tar.gz file.. Probably
On 10/22/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
Hi again
I am looking at the CVS. I can't see its possible to out of the box remove
addresses from a round robin scheme in PF against a faulty web server. Am I
missing something?
But I maybe misunderstood Kevin Reay that in this thread s
On 10/22/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
Hi
I have followed this thread. Can anyone point out a working download link?
Sourceforge does not have any working mirrors for this slbd-1.3.tar.gz file..
Probably a misconfiguration somewhere.
Hmm, didn't notice that they didn't mirror
On Sunday 22 October 2006 01:44, Kevin Reay wrote:
> > Point of correction, slbd didn't have the ability to ping IP addresses.
>
> Good call.
>
> > You might check the code in CVS, it should compile and work on 3.9.
>
> Your right, I didn't notice it was being maintained. Thanks for the
> pointer,
Point of correction, slbd didn't have the ability to ping IP addresses.
Good call.
You might check the code in CVS, it should compile and work on 3.9.
Your right, I didn't notice it was being maintained. Thanks for the
pointer, and thanks so much for keeping it maintained (I just noticed
yo
On 10/21/06, Kevin Reay <[EMAIL PROTECTED]> wrote:
> there should be a userland process doing these checks and reoving the
> offending address from the pool on failure. unfortunately, to my
> knowledge, still nobody wrote something which does it.
>
A while ago I used this with great success:
htt
there should be a userland process doing these checks and reoving the
offending address from the pool on failure. unfortunately, to my
knowledge, still nobody wrote something which does it.
A while ago I used this with great success:
http://slbd.sourceforge.net/
It's open source (bsd!) and wri
* Alexander Lind <[EMAIL PROTECTED]> [2006-10-20 19:18]:
> OpenBSDs PF loadbalancing functionality does not support any sort of
> failover rule rewriting, or conditional rulesets, does it?
>
> For example, if I have PF round-robin to 4 webservers, and one goes
> down, is there any way to make PF
On Oct 20, 2006, at 12:19 PM, Alexander Lind wrote:
OpenBSDs PF loadbalancing functionality does not support any sort
of failover rule rewriting, or conditional rulesets, does it?
For example, if I have PF round-robin to 4 webservers, and one goes
down, is there any way to make PF notice th
On 2006/10/20 17:19, Alexander Lind wrote:
> For example, if I have PF round-robin to 4 webservers, and one goes
> down, is there any way to make PF notice this and remove the downed
> host from the pool, based on something as simple as missing ping
> replies?
carp is good for this. run it on t
OpenBSDs PF loadbalancing functionality does not support any sort of
failover rule rewriting, or conditional rulesets, does it?
For example, if I have PF round-robin to 4 webservers, and one goes
down, is there any way to make PF notice this and remove the downed host
from the pool, based on s
On 8/4/06, Hasan USTUNDAG <[EMAIL PROTECTED]> wrote:
http://www.bsdforums.org/forums/showthread.php?t=33480
script works fine for me.
You can also use ping to check host availibilty or perl module
Net::Telnet to check port availibilty for other protocols.
That pf.conf looks ok, but his script i
http://www.bsdforums.org/forums/showthread.php?t=33480
script works fine for me.
You can also use ping to check host availibilty or perl module
Net::Telnet to check port availibilty for other protocols.
On 8/4/06, Stephan A. Rickauer <[EMAIL PROTECTED]> wrote:
Spruell, Darren-Perot wrote:
> From
Spruell, Darren-Perot wrote:
> From: [EMAIL PROTECTED]
>> CARP comes very close to solving the problem, but it's not specific to
>> individual tcp ports afaik. So it would help if a box becomes
>> completely unreachable, but if only the service stops working it's not
>> that useful.
>>
>> Essential
On 8/3/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
Very. I haven't updated the site since taking over the maintainer
role. The code in CVS should compile and run on 3.9 cleanly - as soon
as I've tested it myself I was planning on rolling out a 1.3 release
(and I suppose I should check for it
On 8/3/06, Siju George <[EMAIL PROTECTED]> wrote:
On 8/3/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
>
> slbd - http://slbd.sourceforge.net/ might be what you're looking for.
> The CVS code has numerous fixes that aren't in the 1.2 release.
>
> Disclaimer: I'm the current maintainer (but not th
On 8/3/06, Bill Marquette <[EMAIL PROTECTED]> wrote:
slbd - http://slbd.sourceforge.net/ might be what you're looking for.
The CVS code has numerous fixes that aren't in the 1.2 release.
Disclaimer: I'm the current maintainer (but not the author) of that code.
This is great Bill :-)
Does it
On 8/2/06, ben <[EMAIL PROTECTED]> wrote:
I'm using a pf to round-robin redirect incoming requests (in this case
http) to a pf address pool.
I'm using pf to perform redirection in this situation instead of using
a proxy specifically to avoid the source addresses in the log files as
being that of
On Aug 2, 2006, at 7:53 PM, ben wrote:
I'm using a pf to round-robin redirect incoming requests (in this case
http) to a pf address pool.
I'm using pf to perform redirection in this situation instead of using
a proxy specifically to avoid the source addresses in the log files as
being that of t
From: [EMAIL PROTECTED]
> CARP comes very close to solving the problem, but it's not specific to
> individual tcp ports afaik. So it would help if a box becomes
> completely unreachable, but if only the service stops working it's not
> that useful.
>
> Essentially I'm looking for a very simple da
I'm using a pf to round-robin redirect incoming requests (in this case
http) to a pf address pool.
I'm using pf to perform redirection in this situation instead of using
a proxy specifically to avoid the source addresses in the log files as
being that of the proxy server. I'm aware of tools that
AFAIK, Squid (or other sevice) in your firewall which
need access to internet will looking for default
routing table, that in this case (pf load balance), u
dont have to specify it.
regards
reza
--- "MegadetH (crazyJM)" <[EMAIL PROTECTED]>
wrote:
> Hi all, I have a problem (very simple) with the
Hi all, I have a problem (very simple) with the PF and load balancing
I tried to read (of course) the FM and the rest of documentation of PF, to
look for Inet resources about, to write to the PF list, etc etc next step
would be to write to the developers team or to read the sources (the last is
These are real IP's. One is dynamic, the other is fixed.
> One more question.
> Are the IP's of two NICs real or virtual?
> >I forgot to mention that these are ADSL connections. The two
> >modems are
> > physically attached to the firewall, on two separate NICs.
> >
> >
> >> Why do not
One more question.
Are the IP's of two NICs real or virtual?
>I forgot to mention that these are ADSL connections. The two modems are
> physically attached to the firewall, on two separate NICs.
>
>
>> Why do not use 1 interface with 2 IP's and 1 nat rule with address
>> pool for balanc
then bridge this 2 NICs and
- ?? ? -
??: "Remy Chibois" <[EMAIL PROTECTED]>
??: "Yanko Karkalichev" <[EMAIL PROTECTED]>
??:
?: ?, 19 ?? 2005 15:46
???: Re: PF load balancing
>I forgot to mention that these are A
I forgot to mention that these are ADSL connections. The two modems are
physically attached to the firewall, on two separate NICs.
> Why do not use 1 interface with 2 IP's and 1 nat rule with address
> pool for balancing?
>
> somthing like this:
> nat on $ext_if inet from any to any -> {$ext_ip_
??, 19 ?????? 2005 11:54
???: PF load balancing
> Hi,
>
> I have two internet connections and would like to load balance outgoing
> trafic between the two interfaces.
>
> Using rules from the PF FAQ does not work for me (trafic is always
> routed to the first interface
Hi,
I have two internet connections and would like to load balance outgoing
trafic between the two interfaces.
Using rules from the PF FAQ does not work for me (trafic is always
routed to the first interface).
The connections are both from the same provider, have a different
public IP address, b
44 matches
Mail list logo
