[FUG-BR] PF + Round-robin + squid

João David Prevedello jd at prevedello.inf.br
Thu Nov 23 14:11:51 BRST 2006


Folks, I'm trying to set up a server with two internet links and Squid.
However, Squid only works with the link that is the server's default gateway.

I've already searched around and saw in the list archives that other people
have run into this, but I didn't find a solution.

If I take Squid out, round-robin works fine: traffic sometimes goes out via
link1 and sometimes via link2.

The problem is if I need to go out only via link2; from what I've seen, I would
have to change even the default gateway? Can't PF handle this?

When using both links with round-robin, does Squid go out only via the default
one? Is there a way to make it manage this and go out via both as well?

If anyone can help.

My pf.conf is below.

#######################################################################
#General settings
#######################################################################
set optimization high-latency
scrub in all

WAN_PDH = "wi0"
WAN_ADSL = "fxp0"
ADMIN = "xl0"
HOTEL = "rl0"
GW_PDH = "10.0.0.254"
GW_ADSL = "200.228.39.193"

REDE_HOTEL = "10.0.0.0/24"
REDE_ADMIN = "192.168.1.0/24"

IP_PDH = "10.0.0.200"
IP_ADSL = "200.228.39.210"

#######################################################################
#QoS WAN_PDH
#######################################################################
altq on $WAN_PDH hfsc bandwidth 100Mb queue { defup_pdh, admup_pdh }
        queue defup_pdh bandwidth 800Kb hfsc(default)
        queue admup_pdh bandwidth 1Mb hfsc(linkshare 1Mb)

#######################################################################
#QoS WAN_ADSL
#######################################################################
altq on $WAN_ADSL hfsc bandwidth 100Mb queue { defup_adsl, admup_adsl }
        queue defup_adsl bandwidth 2Mb hfsc(default)
        queue admup_adsl bandwidth 2Mb hfsc(linkshare 1Mb)

#######################################################################
#QoS internal network
#######################################################################
altq on $ADMIN hfsc bandwidth 100Mb queue { defdw_lan, admdw_lan, pdhdw_lan, adsldw_lan }
        queue defdw_lan bandwidth 128Kb hfsc (default)
        queue admdw_lan bandwidth 1Mb hfsc (linkshare 1Mb)
        queue pdhdw_lan bandwidth 800Kb hfsc (linkshare 800Kb)
        queue adsldw_lan bandwidth 2Mb hfsc (linkshare 2Mb)


########################################################################
#Tables
#######################################################################

table <msn> persist file "/etc/firewall/msn"
table <orkut> persist file "/etc/firewall/orkut"
table <bloqueado> persist file "/etc/firewall/orkut"
table <excessao> persist file "/etc/firewall/excessao"

#######################################################################
#Squid control
#######################################################################
rdr on $ADMIN proto tcp from $REDE_ADMIN to !<excessao> port 80 -> 127.0.0.1 port 3128

#######################################################################
#External redirects to internal machines
#######################################################################

#Cameras
#rdr on $WAN_PDH proto tcp from any to $IP_PDH port 1100 -> 192.168.1.200 port 1100

#Jonis
#rdr on $WAN_PDH proto tcp from any to $IP_PDH port 5500 -> 192.168.1.130 port 5500

#######################################################################
#NAT control
#######################################################################

#NAT for the company Cim-Team
nat on $WAN_PDH from $REDE_ADMIN to any -> ($WAN_PDH)
nat on $WAN_ADSL from $REDE_ADMIN to any -> ($WAN_ADSL)


############################################################################################
#Fix for the FTP problem
############################################################################################
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $ADMIN proto tcp from any to any port 21 -> 127.0.0.1 port 8021

############################################################################################
#Redirect DNS to localhost
############################################################################################
rdr on $ADMIN proto udp from any to any port 53 -> 127.0.0.1 port 53

#######################################################################
#Allow rules
#######################################################################

#MSN block
#pass quick on $ADMIN from <msn_liberado> to <msn>
#Orkut block
#pass quick on $ADMIN from <orkut_liberado> to <orkut>

#######################################################################
#Blocks
#######################################################################

#MSN
#block quick on $ADMIN from any to <msn> label block-msn
#Orkut, PDH network
#block quick on $ADMIN from any to <orkut> label orkut

#######################################################################
#Bandwidth controls
#######################################################################

pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto tcp from $REDE_ADMIN to any flags S/SA modulate state
pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto { udp, icmp } from $REDE_ADMIN to any keep state

pass out on $WAN_PDH proto tcp from any to any flags S/SA modulate state
pass out on $WAN_PDH proto { udp, icmp } from any to any keep state
pass out on $WAN_ADSL proto tcp from any to any flags S/SA modulate state
pass out on $WAN_ADSL proto { udp, icmp } from any to any keep state

pass out on $WAN_PDH route-to ($WAN_PDH $GW_PDH) from $WAN_PDH to any 
pass out on $WAN_ADSL route-to ($WAN_ADSL $GW_ADSL) from $WAN_ADSL to any 


