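This post was last edited by ustctapper on 2011-05-15 11:24
OS: FreeBSD 8.1
There are two public uplinks, and the proxy server listens on all network interfaces.
I want incoming packets to go back out through the interface they arrived on. I read the pf FAQ, but my attempt did not work: when I use the proxy on ip2 to connect to a server, the traffic ends up going out via ip1.
The configuration follows: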
if1="bce0"
if2="bce3"
gw1="a.a.a.a"
gw2="b.b.b.b"
block all
pass quick on lo0 all
# reply-to doesn't work?!
set state-policy if-bound
pass in quick on $if1 reply-to ($if1 $gw1) proto {tcp,udp,icmp} to any keep state (floating)
pass in quick on $if2 reply-to ($if2 $gw2) proto {tcp,udp,icmp} to any keep state (floating)
pass out on $if1 proto tcp from any to any flags S/SA modulate state
pass out on $if1 proto { udp, icmp } from any to any keep state
pass out on $if2 proto tcp from any to any flags S/SA modulate state
pass out on $if2 proto { udp, icmp } from any to any keep state
# route packets from any IPs on $if1 to $gw1 and the same for $if2 and $gw2
pass out on $if1 route-to ($if2 $gw2) from $if2 to any
pass out on $if2 route-to ($if1 $gw1) from $if1 to any