- 论坛徽章:
- 1
|
07年我收集的一段PF实现文章,你照着试试看。
- lan_net = "192.168.0.0/24"
- int_if = "dc0"
- ext_if1 = "fxp0"
- ext_if2 = "fxp1"
- ext_gw1 = "68.146.224.1"
- ext_gw2 = "142.59.76.1"
- # nat outgoing connections on each internet interface
- nat on $ext_if1 from $lan_net to any -> ($ext_if1)
- nat on $ext_if2 from $lan_net to any -> ($ext_if2)
- # default deny
- block in from any to any
- block out from any to any
- # pass all outgoing packets on internal interface
- pass out on $int_if from any to $lan_net
- # pass in quick any packets destined for the gateway itself
- pass in quick on $int_if from $lan_net to $int_if
- # load balance outgoing tcp traffic from internal network.
- pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
- # load balance outgoing udp and icmp traffic from internal network
- pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state
- # general "pass out" rules for external interfaces
- pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
- pass out on $ext_if1 proto { udp, icmp } from any to any keep state
- pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
- pass out on $ext_if2 proto { udp, icmp } from any to any keep state
- # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
- # $ext_if2 and $ext_gw2
- pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
- pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
|
|
免费注册
发表于 2015-01-02 20:12
发表于 2015-02-19 16:19
发表于 2015-01-27 20:20
