[FUG-BR] PF + Round-robin + squid

m3 BSD m3.bsd.mania at gmail.com
Thu Nov 23 17:51:20 BRST 2006


Look... you see... you need to use squid's "outgoing_address" option
to redirect the ACLs that you want to go out through the other
gateway. However, with that, squid only changes the IP header, so in
pf you have to redirect that to the second default gateway.

On 23/11/06, João David Prevedello <jd at prevedello.inf.br> wrote:
> Folks, I am trying to set up a server with two internet links and squid.
> However, squid only works with the link that is the server's default gateway.
>
> I have already searched and found threads in the list archive from people
> who ran into this, but I did not find a solution.
>
> If I take squid out, round-robin works fine: sometimes traffic goes out
> through link1, sometimes through link2.
>
> The problem is if I have to go out only through link2; from what I saw, I
> would have to change even the default gateway? Can't PF handle this?
>
> When using both with round-robin, does squid go out only through the default?
> Is there a way to make it manage this and go out through both as well?
>
> If anyone can help.
>
> My pf.conf is below
>
> #######################################################################
> #General
> #######################################################################
> set optimization high-latency
> scrub in all
>
> WAN_PDH = "wi0"
> WAN_ADSL = "fxp0"
> ADMIN = "xl0"
> HOTEL = "rl0"
> GW_PDH = "10.0.0.254"
> GW_ADSL = "200.228.39.193"
>
> REDE_HOTEL = "10.0.0.0/24"
> REDE_ADMIN = "192.168.1.0/24"
>
> IP_PDH = "10.0.0.200"
> IP_ADSL = "200.228.39.210"
>
> #######################################################################
> #QoS WAN_PDH
> #######################################################################
> altq on $WAN_PDH hfsc bandwidth 100Mb queue { defup_pdh, admup_pdh }
>         queue defup_pdh bandwidth 800Kb hfsc(default)
>         queue admup_pdh bandwidth 1Mb hfsc(linkshare 1Mb)
>
> #######################################################################
> #QoS WAN_ADSL
> #######################################################################
> altq on $WAN_ADSL hfsc bandwidth 100Mb queue { defup_adsl, admup_adsl }
>         queue defup_adsl bandwidth 2Mb hfsc(default)
>         queue admup_adsl bandwidth 2Mb hfsc(linkshare 1Mb)
>
> #######################################################################
> #QoS internal network
> #######################################################################
> altq on $ADMIN hfsc bandwidth 100Mb queue { defdw_lan, admdw_lan, pdhdw_lan, adsldw_lan }
>         queue defdw_lan bandwidth 128Kb hfsc (default)
>         queue admdw_lan bandwidth 1Mb hfsc (linkshare 1Mb)
>         queue pdhdw_lan bandwidth 800Kb hfsc (linkshare 800Kb)
>         queue adsldw_lan bandwidth 2Mb hfsc (linkshare 2Mb)
>
>
> ########################################################################
> #Tables
> #######################################################################
>
> table <msn> persist file "/etc/firewall/msn"
> table <orkut> persist file "/etc/firewall/orkut"
> table <bloqueado> persist file "/etc/firewall/orkut"
> table <excessao> persist file "/etc/firewall/excessao"
>
> #######################################################################
> #Squid control
> #######################################################################
> rdr on $ADMIN proto tcp from $REDE_ADMIN to !<excessao> port 80 -> 127.0.0.1 port 3128
>
> #######################################################################
> #External redirects to internal machines
> #######################################################################
>
> #Cameras
> #rdr on $WAN_PDH proto tcp from any to $IP_PDH port 1100 -> 192.168.1.200 port 1100
>
> #Jonis
> #rdr on $WAN_PDH proto tcp from any to $IP_PDH port 5500 -> 192.168.1.130 port 5500
>
> #######################################################################
> #NAT control
> #######################################################################
>
> #NAT for the company Cim-Team
> nat on $WAN_PDH from $REDE_ADMIN to any -> ($WAN_PDH)
> nat on $WAN_ADSL from $REDE_ADMIN to any -> ($WAN_ADSL)
>
>
> ############################################################################################
> #Fix for the FTP problem
> ############################################################################################
> nat-anchor "ftp-proxy/*"
> rdr-anchor "ftp-proxy/*"
> rdr on $ADMIN proto tcp from any to any port 21 -> 127.0.0.1 port 8021
>
> ############################################################################################
> #Redirect DNS to localhost
> ############################################################################################
> rdr on $ADMIN proto udp from any to any port 53 -> 127.0.0.1 port 53
>
> #######################################################################
> #Allow rules
> #######################################################################
>
> #MSN block
> #pass quick on $ADMIN from <msn_liberado> to <msn>
> #Orkut block
> #pass quick on $ADMIN from <orkut_liberado> to <orkut>
>
> #######################################################################
> #Blocks
> #######################################################################
>
> #MSN
> #block quick on $ADMIN from any to <msn> label block-msn
> #Orkut, PDH network
> #block quick on $ADMIN from any to <orkut> label orkut
>
> #######################################################################
> #Bandwidth controls
> #######################################################################
>
> pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto tcp from $REDE_ADMIN to any flags S/SA modulate state
> pass in on $ADMIN route-to { ($WAN_PDH $GW_PDH), ($WAN_ADSL $GW_ADSL) } round-robin proto { udp, icmp } from $REDE_ADMIN to any keep state
>
> pass out on $WAN_PDH proto tcp from any to any flags S/SA modulate state
> pass out on $WAN_PDH proto { udp, icmp } from any to any keep state
> pass out on $WAN_ADSL proto tcp from any to any flags S/SA modulate state
> pass out on $WAN_ADSL proto { udp, icmp } from any to any keep state
>
> pass out on $WAN_PDH route-to ($WAN_PDH $GW_PDH) from $WAN_PDH to any
> pass out on $WAN_ADSL route-to ($WAN_ADSL $GW_ADSL) from $WAN_ADSL to any
>


-- 
Regards

Mario Augusto Mania <m3BSD>
-----------------------------------------------
m3.bsd.mania at gmail.com
Mobile: (43) 9938-9629
Msn: mario at oquei.com
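
The approach described in the reply, as an added example that is not part of the original thread: squid binds the outbound connections of selected clients to the ADSL address, and pf re-routes packets carrying that source address to the ADSL gateway. It assumes the PDH link is the system default route; the ACL name via_adsl and the client range 192.168.1.128/25 are made up for illustration, the squid directive is written as tcp_outgoing_address, and the interface macros and addresses are the ones from the quoted pf.conf.

```conf
# --- squid.conf (added example) ---
# Hypothetical ACL: the clients whose web traffic should leave via ADSL.
acl via_adsl src 192.168.1.128/25
# Bind squid's outbound sockets for those clients to the ADSL address
# (IP_ADSL in the quoted pf.conf). This only sets the source address;
# the kernel still picks the route, so the packet heads for the default
# gateway unless pf overrides it.
tcp_outgoing_address 200.228.39.210 via_adsl
# Everyone else: bind to the PDH address (assumed default route).
tcp_outgoing_address 10.0.0.200

# --- pf.conf, filter section (macros as in the quoted pf.conf) ---
# Place these before the generic "pass out on $WAN_..." rules: "quick"
# stops evaluation, so a later, broader pass rule cannot win instead.
#
# Packets squid sourced from the ADSL address that the routing table is
# about to send out the PDH interface: hand them to the ADSL gateway.
pass out quick on $WAN_PDH route-to ($WAN_ADSL $GW_ADSL) inet proto tcp \
        from $IP_ADSL to any flags S/SA keep state
# Mirror rule, for the case where ADSL is the default route instead.
pass out quick on $WAN_ADSL route-to ($WAN_PDH $GW_PDH) inet proto tcp \
        from $IP_PDH to any flags S/SA keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and confirm which link the proxied traffic leaves on with `tcpdump -ni fxp0 tcp port 80`.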

