PF load balancing outgoing ISPs

PF load balancing outgoing ISPs

FRLinux-2
Hello list,

I have this page trying to load balance some of my devices (for now
my laptop as a test) to my second internet connection but have been
unable to make it work.
http://www.openbsd.org/faq/pf/pools.html#outgoing

I would be grateful if someone could explain my own mistakes in that
setup. I have set a default route for the gateway to isp two as I
thought I could direct traffic from laptop to isp one without having
to remove default routes, am I wrong here?

# isp one
ext_if1="sis1"
# isp two
ext_if="sis2"
# internal interface
int_if="sis0"

set skip on lo


#QoS on isp2
altq on $int_if cbq bandwidth 25Mb queue q_default
queue q_default bandwidth 25Mb cbq(default)

altq on $ext_if priq bandwidth 2600Kb queue std_out
queue std_out     priq(default)

# nat for laptop to isp one
match out on $ext_if1 from 192.168.0.52 !tagged NO_NAT nat-to (sis1:0)
match out on $ext_if1 from 192.168.0.52 nat-to (sis1)

# nat for isp two
match out on $ext_if from !($ext_if) !tagged NO_NAT nat-to ($ext_if:0)

# out with QoS
pass out on $ext_if queue std_out
pass out on $int_if queue q_default

#pass out to isp one from laptop
pass out on $ext_if1 from 192.168.0.52

block in

# pass all in
pass in on $int_if no state

#pass route to isp one from laptop
pass in on $int_if from 192.168.0.52 route-to sis1


Thanks in advance for any reply.
Steph

Re: PF load balancing outgoing ISPs

FRLinux-2
On Sat, Jan 29, 2011 at 8:12 PM, roberth <[hidden email]> wrote:
> I'll point out the most obvious:
> Since there are no tagged states, every one of those three "match" rules
> matches and the last one wins.

Hello Robert,

Thanks for responding, I have changed the rules to tag packets coming
from the laptop but still not getting through the right connection :(

This is the modified ruleset:

# isp one
ext_if1="sis1"
# isp two
ext_if="sis2"
# internal interface
int_if="sis0"

set skip on lo


#QoS on isp2
altq on $int_if cbq bandwidth 25Mb queue q_default
queue q_default bandwidth 25Mb cbq(default)

altq on $ext_if priq bandwidth 2600Kb queue std_out
queue std_out     priq(default)

# nat for laptop to isp one
match on sis1 from 192.168.0.52 to !192.168.0.0/24 tag LAPTOP
match out on $ext_if1 from 192.168.0.52 !tagged NO_NAT nat-to (sis1:0)
match out on $ext_if1 from 192.168.0.52 nat-to (sis1)

# nat for isp two
match out on $ext_if from !($ext_if) !tagged NO_NAT nat-to ($ext_if:0)

# out with QoS
pass out on $ext_if queue std_out
pass out on $int_if queue q_default

#pass out to isp one from laptop
pass out on sis1 tagged LAPTOP

block in

#pass route to isp one from laptop
pass in on $int_if tag LAPTOP keep state route-to sis1

# pass all in
pass in on $int_if no state


Thanks,
Steph