Date:      Thu, 30 Jun 2011 03:01:42 +0200
From:      Grégoire Leroy <gregoire.leroy@retenodus.net>
To:        freebsd-ipfw@freebsd.org
Subject:   Load balancing ipfw + NAT
Message-ID:  <201106300301.42182.gregoire.leroy@retenodus.net>

Hi,

I'm trying to use load balancing with IPFW. I have 3 lines: 2 ADSL and 1 SDSL. I'm trying
to load-balance HTTP traffic on ADSL1 (192.168.7.1) and ADSL2 (192.168.6.1).

My gateway has 4 network devices: 1 for each line (em1 -> 192.168.5.10, em2 ->
192.168.6.10, em3 -> 192.168.7.10), and one for the local network (em0 ->
192.168.4.1).

On my gateway, there are 3 nat instances :
natd -p 8868 -dynamic -interface em3
natd -p 8869 -dynamic -interface em2
natd -p 8868 -dynamic -interface em1

Here is my config related to the load balancing:

$cmd 300 divert 8868 ip from any to any via $adsl1_if
$cmd 301 divert 8869 ip from any to any via $adsl2_if
$cmd 302 divert 8870 ip from any to any via $sdsl_if

$cmd 00320 check-state

$cmd 0670 prob 0.5 skipto 17000 tcp from $clients to any $tcp_web setup $ks
$cmd 0671 skipto 19000 tcp from $clients to any $tcp_web setup $ks

$cmd 017000 divert 8868 ip from $clients to any in
$cmd 017500 divert 8868 ip from $clients to any out
$cmd 017700 allow all from any to any
$cmd 019000 divert 8869 ip from $clients to any out
$cmd 019500 divert 8869 ip from $clients to any in
$cmd 19700 allow all from any to any

$cmd 17550 fwd $isp1 ip from 192.168.7.10 to any
$cmd 19550 fwd $isp2 ip from 192.168.6.10 to any
$cmd 23500 fwd $isp3 ip from 192.168.5.10 to any

$cmd 65534 allow all from any to any

ipfw show :

00300 16789 17438940 divert 8868 ip from any to any via em3
00301     0        0 divert 8869 ip from any to any via em2
00302     0        0 divert 8870 ip from any to any via em1

00670  6409  7934908 prob 0.500000 skipto 17000 tcp from 192.168.4.2 to any dst-port 80,443,25,3128 setup keep-state
00671 21464 26576872 skipto 19000 tcp from 192.168.4.2 to any dst-port 80,443,25,3128 setup keep-state

17000  1145    59132 divert 8868 ip from 192.168.4.2 to any in
17500     0        0 divert 8868 ip from 192.168.4.2 to any out
17700  6409  7934908 allow ip from any to any
19000     0        0 divert 8869 ip from 192.168.4.2 to any out
19500  3848   198584 divert 8869 ip from 192.168.4.2 to any in

The skipto seems good, so I don't understand why I don't catch any packets with
a tcpdump on em2: it seems that all web traffic passes through em3.

Can someone explain to me what is wrong?

PS: my work is based on http://lists.freebsd.org/pipermail/freebsd-ipfw/2003-August/000399.html

Regards,
Grégoire leroy





