OpenBSD 3.8 + PF + PFSYNC + CARP

Posted on 2006-10-23 14:21
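Date: 2005.12.1
Author: congli
Reference: http://www.countersiege.com/doc/pfsync-carp/
Reference: the pfsync and carp manual pages
Test environment:
VMware 5.5 running three virtual BSD machines: two OpenBSD and one FreeBSD. Each OpenBSD machine has three network interfaces.
Virtual machine 1:
Name: OpenBSD(GZ)
Interface pcn0: 192.168.0.110/24        (external network, vmnet0 bridged, 192.168.0.0/24)
Interface pcn1: 192.168.20.110/24        (internal network, vmnet2 NAT, 192.168.20.0/24)
Interface pcn2: 192.168.30.110/24        (pfsync, vmnet3 NAT, 192.168.30.0/24)
Gateway: 192.168.0.254
Virtual machine 2:
Name: OpenBSD(PY)
Interface pcn0: 192.168.0.120/24        (external network, vmnet0 bridged, 192.168.0.0/24)
Interface pcn1: 192.168.20.120/24        (internal network, vmnet2 NAT, 192.168.20.0/24)
Interface pcn2: 192.168.30.120/24        (pfsync, vmnet3 NAT, 192.168.30.0/24)
Gateway: 192.168.0.254
Virtual machine 3:
Name: FreeBSD
Interface lnc0: 192.168.20.10/24        (internal network, vmnet2 NAT, 192.168.20.0/24)
Gateway: 192.168.20.200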


Attached image: OpenBSD_PF_PFSYNC_CARP.jpg

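Configuration:
1. /etc/pf.conf (both OpenBSD machines use the same rules). The rules below are very simple and are for testing only.
CODE:
# Interface macros
ext_if  = "pcn0"
int_if  = "pcn1"
sync_if = "pcn2"
loop_if = "lo0"
# NAT traffic from the internal network to the external interface address
nat on $ext_if from $int_if:network to any -> $ext_if
# pfsync state updates on the dedicated sync interface
pass quick on { $sync_if } proto pfsync
# CARP advertisements on the external and internal interfaces
pass on { $ext_if $int_if } proto carp keep state
# Test only: pass all other traffic statefully
pass in quick all keep state
pass out quick all keep state
2. On OpenBSD(GZ) and OpenBSD(PY), add each of the following files.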
# vi /etc/hostname.carp0
CODE:
vhid 1 pass foo 192.168.0.200 255.255.255.0
# vi /etc/hostname.carp1
CODE:
vhid 2 pass bar 192.168.20.200 255.255.255.0
# vi /etc/hostname.pfsync0
CODE:
syncpeer 192.168.30.200 syncdev pcn2
# vi /etc/rc.conf.local
CODE:
pf=YES
3. Configure FreeBSD
# vi /etc/rc.conf
CODE:
defaultrouter="192.168.20.200"
ifconfig_lnc0="inet 192.168.20.10 netmask 255.255.255.0"
# vi /etc/resolv.conf
CODE:
nameserver 202.96.128.68
nameserver 202.96.134.133
4. After the configuration is complete, reboot all three virtual machines.
5. Simple test:
From the FreeBSD virtual machine, ping a real IP address on the Internet; either one of the OpenBSD machines can be shut down.


Appendix: ifconfig output
1. OpenBSD(GZ)
CODE:
lo0: flags=8049 mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
pcn0: flags=8b43 mtu 1500
        lladdr 00:0c:29:fe:67:4b
        groups: egress
        media: Ethernet autoselect (autoselect)
        inet 192.168.0.110 netmask 0xffffff00 broadcast 192.168.0.255
pcn1: flags=8b43 mtu 1500
        lladdr 00:0c:29:fe:67:55
        media: Ethernet autoselect (autoselect)
        inet 192.168.20.110 netmask 0xffffff00 broadcast 192.168.20.255
pcn2: flags=8843 mtu 1500
        lladdr 00:0c:29:fe:67:5f
        media: Ethernet autoselect (autoselect)
        inet 192.168.30.110 netmask 0xffffff00 broadcast 192.168.30.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0 mtu 1348
        pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843 mtu 1500
        carp: BACKUP carpdev pcn0 vhid 1 advbase 1 advskew 0
        groups: carp
        inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
carp1: flags=8843 mtu 1500
        carp: BACKUP carpdev pcn1 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
2. OpenBSD(PY)
CODE:
lo0: flags=8049 mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
pcn0: flags=8b43 mtu 1500
        lladdr 00:0c:29:cc:f5:37
        groups: egress
        media: Ethernet autoselect (autoselect)
        inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
pcn1: flags=8b43 mtu 1500
        lladdr 00:0c:29:cc:f5:41
        media: Ethernet autoselect (autoselect)
        inet 192.168.20.120 netmask 0xffffff00 broadcast 192.168.20.255
pcn2: flags=8843 mtu 1500
        lladdr 00:0c:29:cc:f5:4b
        media: Ethernet autoselect (autoselect)
        inet 192.168.30.120 netmask 0xffffff00 broadcast 192.168.30.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0 mtu 1348
        pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843 mtu 1500
        carp: MASTER carpdev pcn0 vhid 1 advbase 1 advskew 0
        groups: carp
        inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
carp1: flags=8843 mtu 1500
        carp: MASTER carpdev pcn1 vhid 2 advbase 1 advskew 0
        groups: carp
        inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
3. FreeBSD
CODE:
# ifconfig
lnc0: flags=108843 mtu 1500
        inet 192.168.20.10 netmask 0xffffff00 broadcast 192.168.20.255
        inet6 fe80::20c:29ff:fe1d:bbda%lnc0 prefixlen 64 scopeid 0x1
        ether 00:0c:29:1d:bb:da
[ Last edited by congli on 2005-12-2 09:18 ]


This article comes from the ChinaUnix blog. To view the original, see: http://blog.chinaunix.net/u/6402/showart_189033.html
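A consistency check over the ifconfig output posted above, as an added example that is not part of the original post: it parses both firewalls' output and reports a unicast syncpeer that is not the peer's syncdev address, a CARP broadcast address that does not match the address and netmask, and a vhid in the same state on both nodes. The function names are hypothetical and the sample is an excerpt of the posted output; on it, the check reports the syncpeer 192.168.30.200 (neither firewall's pcn2 address) and the carp0 broadcast 255.255.255.0.

```python
import ipaddress
import re

# Excerpt of the OpenBSD(GZ) ifconfig output from the post (pcn2, pfsync0, carp0).
GZ = """\
pcn2: flags=8843 mtu 1500
        inet 192.168.30.110 netmask 0xffffff00 broadcast 192.168.30.255
pfsync0: flags=0 mtu 1348
        pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
carp0: flags=8843 mtu 1500
        carp: BACKUP carpdev pcn0 vhid 1 advbase 1 advskew 0
        inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
"""
# In these lines OpenBSD(PY) differs only in its pcn2 address and CARP state.
PY = GZ.replace("30.110", "30.120").replace("BACKUP", "MASTER")
TOKEN = re.compile(r"\b(inet|netmask|broadcast|syncdev:|syncpeer:|carp:|vhid) (\S+)")

def parse(text):
    """Parse ifconfig output into {interface: {keyword: value}}."""
    ifs, cur = {}, {}
    for line in text.splitlines():
        if line and not line[0].isspace():      # "pcn2: flags=..." starts a new interface
            cur = ifs.setdefault(line.split(":")[0], {})
            continue
        for key, val in TOKEN.findall(line):
            cur[key.rstrip(":")] = val
    return ifs

def audit(name, local, peer):
    """Compare one node's parsed output with its peer's; return a list of findings."""
    out = []
    sync = local.get("pfsync0", {})
    dev, sp = sync.get("syncdev"), sync.get("syncpeer")
    # A unicast syncpeer must be the other node's address on the sync interface.
    if sp and not ipaddress.ip_address(sp).is_multicast and sp != peer.get(dev, {}).get("inet"):
        out.append(f"{name}: syncpeer {sp} is not the peer's {dev} address")
    for ifname, f in local.items():
        if "vhid" not in f:
            continue
        mask = ipaddress.ip_address(int(f["netmask"], 16))    # 0xffffff00 -> 255.255.255.0
        net = ipaddress.ip_network(f"{f['inet']}/{mask}", strict=False)
        if f["broadcast"] != str(net.broadcast_address):
            out.append(f"{name}: {ifname} broadcast {f['broadcast']}, expected {net.broadcast_address}")
        if f["carp"] == peer.get(ifname, {}).get("carp"):     # both MASTER or both BACKUP
            out.append(f"{name}: {ifname} vhid {f['vhid']} is {f['carp']} on both nodes")
    return out

if __name__ == "__main__":
    print("\n".join(audit("GZ", parse(GZ), parse(PY))))
```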