Re: Load balancing between alternative routers

From: Robert Martin-Legène (none@robert--martin-legene.dk.lh.bsd-dk.dk)
Date: Wed 11 Sep 2002 - 16:16:56 CEST


To: bsd-dk@bsd-dk.dk

On Wed, Sep 11, 2002 at 08:41:44AM +0200, Jørgen Frøjk Kjærsgaard {Metation} wrote:
> Is it possible to set up something that corresponds to several alternative default routes?
> The setup looks like this:
>
> Internet --- Router +----+
>              80.x.x.x    |   +--------------------+
>                          +--+ Firewall (FreeBSD) +---- Local network
>                          |   +--------------------+
> Internet --- Router +----+
>              62.x.x.x

Hi Jørgen.

The following should do what you want, but it does not handle security checks
by itself. For practical reasons I have not been able to test whether it works.
The IP addresses should probably be changed, but the NAT port numbers are fine.
Your kernel must also be compiled with options DIVERT, options IPFIREWALL and
options IPFIREWALL_FORWARD:

ISP1HISIP=80.1.1.1
ISP1MYIP=80.1.1.2
ISP1NATPORT=1
ISP2HISIP=62.1.1.1
ISP2MYIP=62.1.1.2
ISP2NATPORT=2
INSIDEIP=10.0.0.0/8

# From the LAN to the firewall itself
ipfw add 1000 skipto 8000 ip from $INSIDEIP to me
# From the LAN to the outside world
ipfw add 1100 skipto 5000 ip from $INSIDEIP to any
# Arriving on the ISP1 / ISP2 address
ipfw add 1200 skipto 6000 ip from any to $ISP1MYIP
ipfw add 1300 skipto 7000 ip from any to $ISP2MYIP
# Outgoing traffic: "0.0.0.0:0.0.0.1" is ipfw addr:mask syntax and matches
# destinations whose last address bit is 0 (even addresses); those go out
# via ISP2, odd destinations fall through to ISP1. The split is therefore
# by destination address, not by actual link load.
ipfw add 5000 skipto 5500 ip from any to 0.0.0.0:0.0.0.1
# Out via ISP1
ipfw add 5100 divert $ISP1NATPORT ip from any to any
ipfw add 5200 fwd $ISP1HISIP ip from any to any
# Out via ISP2
ipfw add 5500 divert $ISP2NATPORT ip from any to any
ipfw add 5600 fwd $ISP2HISIP ip from any to any
# In from ISP1
ipfw add 6000 divert $ISP1NATPORT ip from any to any
ipfw add 6100 permit ip from any to $INSIDEIP
ipfw add 6200 skipto 8000 ip from any to any
# In from ISP2
ipfw add 7000 divert $ISP2NATPORT ip from any to any
ipfw add 7100 permit ip from any to $INSIDEIP
ipfw add 7200 skipto 8000 ip from any to any
# To the FreeBSD box itself
ipfw add 8000 permit ip from any to any

Run the following from /usr/local/etc/rc.d/natd.sh:
#!/bin/sh
# The ISP*MYIP and ISP*NATPORT variables from the ruleset above must be set here too
case "$1" in
  start) natd -a $ISP1MYIP -p $ISP1NATPORT &
         natd -a $ISP2MYIP -p $ISP2NATPORT & ;;
  stop) killall -9 natd ;;
esac

-- Robert Martin-Legène
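Added example, not part of the post above: a small sh script that emulates which uplink the `skipto 5500 ip from any to 0.0.0.0:0.0.0.1` rule selects for a given destination (ipfw addr:mask semantics), so the split can be checked for a list of hosts before the ruleset is loaded; the function names `route_for` and `next_hop_for` and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example (not the original poster's code). Emulates the destination
# split used by the ipfw ruleset in the post and checks the variable set
# before it is handed to ipfw.
set -u   # an undefined $VAR aborts instead of expanding to "", which would
         # otherwise produce a silently broken "fwd" rule

# Constructed sample values, matching the ones used in the post.
ISP1HISIP=80.1.1.1
ISP2HISIP=62.1.1.1

# ipfw "addr:mask" matches when (dst & mask) == (addr & mask).
# With addr 0.0.0.0 and mask 0.0.0.1 that means: last bit of dst is 0.
# Such (even) destinations skip to the ISP2 block; odd ones stay on ISP1.
route_for() {
    last_octet=${1##*.}                 # e.g. 4 for 1.2.3.4
    if [ $((last_octet & 1)) -eq 0 ]; then
        echo ISP2
    else
        echo ISP1
    fi
}

# Next hop the corresponding "fwd" rule would use for that destination.
next_hop_for() {
    case "$(route_for "$1")" in
        ISP1) echo "$ISP1HISIP" ;;
        ISP2) echo "$ISP2HISIP" ;;
    esac
}

# Count how a constructed list of destinations would be split between
# the two uplinks; prints "ISP1=<n> ISP2=<m>".
split_count() {
    n1=0; n2=0
    for dst in "$@"; do
        if [ "$(route_for "$dst")" = ISP1 ]; then n1=$((n1 + 1)); else n2=$((n2 + 1)); fi
    done
    echo "ISP1=$n1 ISP2=$n2"
}
```

The split is per destination address only; two flows to the same host always leave through the same ISP, and nothing here reacts to a link going down.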



This archive was generated by hypermail 2b30 : Wed 15 Nov 2006 - 18:24:22 CET