Hi.
I have made a FreeBSD-based router with 2-ISP network balancing.
1st ISP (Stream): (rl1) link -> (ng1) PPPoE (only internet)
2nd ISP (Briz): (rl2) link -> (ng0) PPTP (internet + local resources like www, ftp and torrent with other users + IPTV)
Local network (bridge0) dhcpd+bind - works fine
I got pf.conf from openbsd.org
briz_local = "{ 192.168.1.0/24, 172.0.0.0/8 }"
briz_local_if = "rl1"
briz_local_gw = "172.18.124.1"
lan_net = "10.0.0.0/24"
int_if = "bridge0"
briz_if = "ng0"
stream_if = "ng1"
briz_gw = "213.231.0.9"
stream_gw = "89.209.95.254"
rdr_ip = "10.0.0.10"
rdr_ports = "{ 20, 21, 80, 443, 3389, 12975 }"
# nat outgoing connections on each internet interface
nat on $briz_if from $lan_net to any -> ($briz_if)
nat on $stream_if from $lan_net to any -> ($stream_if)
# default deny
block in from any to any
block out from any to any
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net allow-opts
# pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if allow-opts
# TEST: route to BRIZ local resources
# pass in on $int_if route-to $briz_local_if from $lan_net to $briz_local keep state
# load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
    { ($briz_if $briz_gw), ($stream_if $stream_gw) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
    { ($briz_if $briz_gw), ($stream_if $stream_gw) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state
pass in on $int_if route-to $briz_local_if from any to $briz_local keep state allow-opts
# general "pass out" rules for external interfaces
pass out on $briz_if proto tcp from any to any flags S/SA modulate state
pass out on $briz_if proto { udp, icmp } from any to any keep state
pass out on $stream_if proto tcp from any to any flags S/SA modulate state
pass out on $stream_if proto { udp, icmp } from any to any keep state
# route packets from any IPs on $briz_if to $briz_gw and the same for
# $stream_if and $stream_gw
pass out on $briz_if route-to ($stream_if $stream_gw) from $stream_if to any
pass out on $stream_if route-to ($briz_if $briz_gw) from $briz_if to any
NAT and balancing work fine, but I need a little more:
1. Allow multicast from rl1 (igmpproxy already works; I have tried it with a simple config)
2. Add routing/NAT to $briz_local through $briz_local_if/$briz_local_gw
3. Add rdr to the config for forwarding $rdr_ports to $rdr_ip from ng1 and ng0.
Can you please help me with it? PF is a little hard for me.
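
One way to write the three additions the post asks for, as an added example that is not the poster's configuration and has not been run on that router. It assumes the same pf syntax as the pf.conf above (separate nat/rdr rules), reuses only macros defined there, and assumes the forwarded services are TCP.

```pf
# Added example; reuses the macros defined in the post's pf.conf.

# --- translation rules: put next to the existing nat lines ---
# NAT for LAN traffic that leaves through the Briz local link
nat on $briz_local_if from $lan_net to $briz_local -> ($briz_local_if)

# forward $rdr_ports arriving on either internet link to $rdr_ip
# (TCP only is an assumption; source "any" mirrors the request)
rdr on $briz_if   proto tcp from any to ($briz_if)   port $rdr_ports -> $rdr_ip
rdr on $stream_if proto tcp from any to ($stream_if) port $rdr_ports -> $rdr_ip

# --- filter rules: put after the load-balancing rules, since the
# --- last matching rule wins
# Briz local networks: name the next hop, not just the interface
pass in on $int_if route-to ($briz_local_if $briz_local_gw) \
    from $lan_net to $briz_local keep state
pass out on $briz_local_if from any to $briz_local keep state

# forwarded connections: reply-to sends the answers back out of the
# link the connection came in on, whatever the routing table says
pass in on $briz_if reply-to ($briz_if $briz_gw) \
    proto tcp from any to $rdr_ip port $rdr_ports flags S/SA keep state
pass in on $stream_if reply-to ($stream_if $stream_gw) \
    proto tcp from any to $rdr_ip port $rdr_ports flags S/SA keep state
pass out on $int_if proto tcp from any to $rdr_ip port $rdr_ports \
    flags S/SA keep state

# multicast for igmpproxy: IGMP packets carry IP options, so they
# are dropped unless the rule has allow-opts
pass in  on $briz_local_if proto igmp from any to any allow-opts
pass out on $briz_local_if proto igmp from any to any allow-opts
pass in  on $int_if        proto igmp from any to any allow-opts
pass out on $int_if        proto igmp from any to any allow-opts
pass in  on $briz_local_if proto udp from any to 224.0.0.0/4 keep state
pass out on $int_if        proto udp from any to 224.0.0.0/4 keep state
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches ordering and syntax errors before the change reaches a live router.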