PF and load balancing outgoing connections issue

Sean Leach kickdaddy at gmail.com
Tue Sep 6 07:54:13 PDT 2005


Hey all,

Using FreeBSD 5.3 release #1, I am having some troubles getting
outgoing load balancing working with PF.  It actually works fine for
NAT'd outbound connections, but when packets come IN, they get
balanced going back out, which leads them to take the wrong path back
to the source.  I am sure it's something silly I am doing.  I have
some servers in the LAN I am doing 1-1 NAT'ing with redirects.
Here is the setup.

LAN    -> FreeBSD Gateway   -> cable
                            -> DSL

Here are my relevant config entries:

int_net="192.168.1.0/24"
pass out on $int_if from any to $int_net
pass in quick on $int_if from $int_net to $int_if
pass in on $int_if route-to \
    { ($dsl_if $dsl_gw), ($cable_if $cable_gw) } round-robin \
    from $int_net to any keep state
pass out on $dsl_if route-to ($cable_if $cable_gw) from $cable_if to any
pass out on $cable_if route-to ($dsl_if $dsl_gw) from $dsl_if to any

So if I send a web request to one of the 1-1 NAT'd machines from
outside the network, it will go in the DSL interface, and half the
time the reply will go out the DSL interface.  Sometimes though, I see
the packet go out the cable interface instead, this is when it doesn't
work.

Any thoughts/tips I should be aware of?  This is my first time doing
this so I am definitely a n00b :)

Thanks!

