Date: Wed, 24 Nov 2010 07:06:47 +0000 (UTC)
From: Janne Snabb <snabb@epipe.com>
To: Roman Vasilyev <roman@anchorfree.com>
Cc: "freebsd-pf@FreeBSD.org" <freebsd-pf@freebsd.org>
Subject: Re: FreeBSD PF rdr load balancing question
Message-ID: <alpine.BSF.2.00.1011240643590.96753@tiktik.epipe.com>
In-Reply-To: <4CEC6F49.4030301@anchorfree.com>
References: <4CEC6F49.4030301@anchorfree.com>

On Tue, 23 Nov 2010, Roman Vasilyev wrote:

> We are moving to FreeBSD, and I want to use best firewall PF, I didn't find
> any ability for load balancing by ports only IPs, my question is:
> what's the best way to have load balancing by ports on LOCAL machine with PF?

I believe this is not possible with PF.

I think your best alternative solution would be to assign additional IP
addresses (aliases) either to your external interface or to your loopback
interface. These do not need to be proper IP addresses; using RFC1918
addresses or addresses from the 127.0.0.0/8 block should be fine.

You would bind each of your OpenVPN instances to one of these alias
addresses by using "local IP.AD.DR.ESS" in your openvpn.conf files or
"--local" command line option (instead of using "port PORT" as you
probably do now) and have the appropriate "rdr" rules in your pf.conf.

Search for "RDR ROUND ROBIN" in "man pf.conf" for an example of such a
rule.

Hope this helps,
--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
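
The setup described in the message above, sketched as an added example (not part of the original e-mail and not the poster's own configuration). The interface name em0, UDP port 1194, two OpenVPN instances and the addresses 127.0.0.2 and 127.0.0.3 are all assumptions chosen for illustration.

```conf
# Constructed example. Assumed values: em0, UDP port 1194,
# two OpenVPN instances, loopback aliases 127.0.0.2 and 127.0.0.3.

# --- /etc/rc.conf: one loopback alias per OpenVPN instance ---
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 255.255.255.255"
ifconfig_lo0_alias1="inet 127.0.0.3 netmask 255.255.255.255"

# --- openvpn.conf for instance 1: same port, bound to its own alias ---
local 127.0.0.2
port 1194
proto udp

# --- openvpn.conf for instance 2 ---
local 127.0.0.3
port 1194
proto udp

# --- /etc/pf.conf ---
ext_if   = "em0"
vpn_port = "1194"
vpn_pool = "{ 127.0.0.2, 127.0.0.3 }"

# Translation: spread new inbound flows across the alias addresses.
# round-robin is the pool type pf allows when more than one redirection
# address is listed. sticky-address keeps a given source IP on the same
# instance while it still has states, so a client that reconnects is not
# handed to an instance that has no session for it.
rdr on $ext_if proto udp from any to ($ext_if) port $vpn_port \
    -> $vpn_pool round-robin sticky-address

# Filtering: rdr is applied before the filter rules, so the pass rule
# must match the translated (alias) destination, not the external one.
# Needed only if the rest of the ruleset blocks inbound traffic by default.
pass in on $ext_if proto udp from any to $vpn_pool port $vpn_port keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s nat` lists the translation rules once they are loaded.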