关于pf的双线路配置的问题，高手请进！

znfnft

我有两条电信的线路，pf配置如下
if_isp1="fxp1"
if_isp2="fxp2"
gw_isp1="218.2.115.118"
gw_isp2="218.94.117.178"
lan_net = "192.168.1.0/23"
int_if = "em0"

现在公司要求我，192.168.0.1-192.168.0.254从gw_isp1（218.2.115.118）这条路走，192.168.1.1-192.168.1.254从gw_isp2（218.94.117.178）这条路走，不需要负载均衡。
不知道pf.conf该怎么写？有高手帮帮忙，写个比较完整的配置。非常感谢！

axlrose

http://www.enhand.net/blog.php?id=262

1. 
   
2. 双线用pf做策略路由和负载平衡
   
3. pf.conf如下:
   
4. #接内网
   
5. lan_net = "192.168.0.0/24"
   
6. int_if = "msk0"
   
7. #接电信
   
8. ext_if1 = "fxp0"
   
9. #接网通
   
10. ext_if2 = "fxp1"
    
11. ext_gw1 = "192.168.2.248"
    
12. ext_gw2 = "10.10.10.1"
    
13. 
    
14. 
    
15. # nat outgoing connections on each internet interface
    
16. 
    
17. nat on $ext_if1 from $lan_net to any -> ($ext_if1)
    
18. nat on $ext_if2 from $lan_net to any -> ($ext_if2)
    
19. 
    
20. pass in all
    
21. pass out all
    
22. # default deny
    
23. #block in from any to any
    
24. #block out from any to any
    
25. 
    
26. #下面是策略路由
    
27. #电信的DNS走电信
    
28. pass in quick on $int_if route-to ($ext_if1 $ext_gw1) from any to {202.103.224.68 202.103.225.68}
    
29. 
    
30. #WEB走电信
    
31. pass in quick on $int_if route-to ($ext_if2 $ext_gw2) proto tcp from any to any port 80
    
32. 
    
33. #下面是双线负载,抄书的
    
34. # pass all outgoing packets on internal interface
    
35. pass out on $int_if from any to $lan_net
    
36. # pass in quick any packets destined for the gateway itself
    
37. pass in quick on $int_if from $lan_net to $int_if
    
38. # load balance outgoing tcp traffic from internal network.
    
39. pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
    
40. # load balance outgoing udp and icmp traffic from internal network
    
41. pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net to any keep state
    
42. 
    
43. # general "pass out" rules for external interfaces
    
44. pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
    
45. pass out on $ext_if1 proto { udp, icmp } from any to any keep state
    
46. pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
    
47. pass out on $ext_if2 proto { udp, icmp } from any to any keep state
    
48. 
    
49. # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for $ext_if2 and $ext_gw2
    
50. pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
    
51. pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
    

复制代码

http://www.abc188.com/info/html/ ... 0090513/128083.html
利用PF实现策略路由

google 查找关键字: pf 路由策略

pingchipi

收藏起来 以备显摆时用