FreeBSD PF rdr load balancing question

Janne Snabb snabb at epipe.com
Wed Nov 24 07:06:49 UTC 2010


On Tue, 23 Nov 2010, Roman Vasilyev wrote:

> We are moving to FreeBSD, and I want to use the best firewall, PF. I didn't find
> any ability for load balancing by ports, only IPs. My question is:
> what's the best way to have load balancing by ports on the LOCAL machine with PF?

I believe this is not possible with PF.

I think your best alternative solution would be to assign additional
IP addresses (aliases) either to your external interface or to your
loopback interface. These do not need to be proper IP addresses;
using RFC1918 addresses or addresses from the 127.0.0.0/8 block
should be fine.

You would bind each of your OpenVPN instances to one of these alias
addresses by using "local IP.AD.DR.ESS" in your openvpn.conf files
or the "--local" command line option (instead of using "port PORT" as
you probably do now) and have the appropriate "rdr" rules in your
pf.conf. Search for "RDR ROUND ROBIN" in "man pf.conf" for an example
of such a rule.

Hope this helps,
--
Janne Snabb / EPIPE Communications
snabb at epipe.com - http://epipe.com/

