WAN load balance with PF
Daniel Hartmeier
daniel at benzedrine.cx
Tue Nov 20 10:34:37 UTC 2012
On Tue, Nov 20, 2012 at 01:52:43PM +0330, Hooma Fazaeli wrote:
> If we could connect both ADSl modems to the box, a config like below
> would work:
>
> lan_if = "em0"
> wan_if1 = "em1"
> wan_if2 = "em2"
>
> nat on $wan_if1 from $lan_if1:network to any -> $wan_if1
> nat on $wan_if2 from $lan_if1:network to any -> $wan_if2
>
> pass in on $lan_if route-to {($wan_if1 $wan_ip1) ($wan_if2 $wan_ip2)}
> pass all
>
> our problem is that since both WAN links are connected to the same
> interface (via the switch)
> there is no way to distinguish between the two in NAT rules.
>
> Any idea?
You could try to do round-robin on the nat rule, and route-to on 'pass
out' rules on the default route interface (nat comes first), like
# assuming default route through $wan_if1
nat on $wan_if1 from $lan_if1:network to any -> { $wan_if1 $wan_if2 } round-robin
pass out on $wan_if1 route-to ($wan_if2 $wan_ip2) from $wan_if2 to any
Daniel
More information about the freebsd-pf
mailing list