
Re: transparent squid and load balancing outgoing traffic still not working



Oops,
Forgot to attach the new pf.conf
# Macros: two uplinks (rl0 and tun0), each with its own gateway, and one
# internal interface (rl1).
ext_if1="rl0"
gw_if1="200.177.74.1"
gw_if2="200.164.195.8"
ext_if2="tun0"
int_if="rl1"
lan_net=$int_if:network
# Each gateway is wrapped in a single-entry table; the tables are used as
# the route-to targets in the round-robin rule below.
table <gws_if1> { $gw_if1 }
table <gws_if2> { $gw_if2 }
# Inbound TCP services offered by the firewall itself: SSH only.
# NOTE(review): the rules using this macro accept SSH from any source on
# both uplinks; consider limiting the source addresses — confirm intent.
tcp_INservices = "{ 22 }"
icmp_types = "echoreq"
# Loopback and RFC 1918 ranges; used below to drop spoofed or leaking
# private addresses on the external interfaces.
priv_nets =  "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# Normalise inbound packets: reassemble fragments and randomise IP IDs.
scrub in all random-id fragment reassemble
# nat/rdr
# Translate anything leaving an uplink whose source is not that uplink's own
# address to the uplink's address.
nat on $ext_if1 from !($ext_if1) to any -> ($ext_if1)
nat on $ext_if2 from !($ext_if2) to any -> ($ext_if2)
# squid: redirect HTTP from the LAN to the proxy listening on 127.0.0.1:3128.
# NOTE(review): this rule is split across two lines without a trailing
# backslash (compare the route-to rule below, which uses one), probably from
# mail-client wrapping; in the real file it must be one line or be continued
# with '\'. The same applies to the reply-to rules further down.
rdr on $int_if inet proto tcp from $lan_net to any port www -> 127.0.0.1 
port 3128
# Default deny in both directions, logged. These are not 'quick', so a later
# matching pass rule overrides them.
block in log from any to any
block out log from any to any
# loopback
pass quick on lo0 all
# Anti-spoofing on both uplinks: drop private/loopback sources arriving from
# outside and never send traffic to private destinations out an uplink.
block drop in log quick on $ext_if1 from $priv_nets to any
block drop out log quick on $ext_if1 from any to $priv_nets
block drop in log quick on $ext_if2 from $priv_nets to any
block drop out log quick on $ext_if2 from any to $priv_nets
# Accept everything the LAN sends, to any destination and on any protocol.
# Because this rule is 'quick', it decides all LAN-sourced inbound traffic;
# the later "from internal network to firewall" rule is never the deciding
# match for those packets.
# NOTE(review): no 'flags S/SA' here, unlike the rules further down, so state
# may be created from a non-SYN TCP packet — confirm this is intended.
pass in quick log-all on $int_if from $int_if:network to any keep state
# Outgoing load balancing: IPv4 TCP leaving ext_if1 is routed round-robin
# across both uplinks. Being 'quick', it also pre-empts the plain
# "pass out on $ext_if1 proto tcp" rule at the end for IPv4 TCP.
# NOTE(review): this route-to sits on an outbound rule on ext_if1, which is
# evaluated after the LAN traffic has been passed in without route-to and
# after nat on ext_if1. The pf FAQ load-balancing example instead puts
# route-to on the 'pass in on $int_if' rule — verify whether this placement
# is why balancing is not taking effect.
pass out quick log-all on $ext_if1 route-to \
    { ($ext_if1 <gws_if1>) , ($ext_if2 <gws_if2>) } round-robin \
    inet proto tcp from any to any keep state
# from internal network to firewall
pass in log-all on $int_if from $lan_net to $int_if flags S/SA keep state
# from firewall to internal network
pass out log on $int_if from $int_if to $int_if:network keep state
# firewall services: inbound SSH on each uplink. reply-to names the uplink
# and gateway of the interface the connection arrived on for the replies.
pass in log-all quick on $ext_if1 reply-to ($ext_if1 $gw_if1) inet proto 
tcp from any to ($ext_if1) port $tcp_INservices flags S/SA keep state 
pass in log-all quick on $ext_if2 reply-to ($ext_if2 $gw_if2) inet proto 
tcp from any to ($ext_if2) port $tcp_INservices flags S/SA keep state
# icmp: accept echo requests on each uplink, again with reply-to naming the
# arrival uplink and its gateway.
pass in log-all quick on $ext_if1 reply-to ($ext_if1 $gw_if1) inet proto 
icmp all icmp-type $icmp_types keep state
pass in log-all quick on $ext_if2 reply-to ($ext_if2 $gw_if2) inet proto 
icmp all icmp-type $icmp_types keep state 
# outside services: stateful outbound TCP, UDP and ICMP on both uplinks.
# These rules are not logged, unlike most pass rules above.
pass out on $ext_if1 proto tcp all flags S/SA keep state
pass out on $ext_if2 proto tcp all flags S/SA keep state
pass out on $ext_if1 proto {udp icmp} all keep state
pass out on $ext_if2 proto {udp icmp} all keep state