piston Posted July 16, 2011 Posted July 16, 2011 Привет BSD гуру Кто-нибудь есть идеи, как мы можем перевести эти правила packet filter к IPFW nat и setfib. lan_net = "192.168.0.0/24" int_if = "dc0" ext_if1 = "fxp0" ext_if2 = "fxp1" ext_gw1 = "68.146.224.1" ext_gw2 = "142.59.76.1" # nat outgoing connections on each internet interface match out on $ext_if1 from $lan_net nat-to ($ext_if1) match out on $ext_if2 from $lan_net nat-to ($ext_if2) # default deny block in block out # pass all outgoing packets on internal interface pass out on $int_if to $lan_net # pass in quick any packets destined for the gateway itself pass in quick on $int_if from $lan_net to $int_if # load balance outgoing traffic from internal network. pass in on $int_if from $lan_net \ route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \ round-robin # keep https traffic on a single connection; some web applications, # especially "secure" ones, don't allow it to change mid-session pass in on $int_if proto tcp from $lan_net to port https \ route-to ($ext_if1 $ext_gw1) # general "pass out" rules for external interfaces pass out on $ext_if1 pass out on $ext_if2 # route packets from any IPs on $ext_if1 to $ext_gw1 and the same for # $ext_if2 and $ext_gw2 pass out on $ext_if1 from $ext_if2 route-to ($ext_if2 $ext_gw2) pass out on $ext_if2 from $ext_if1 route-to ($ext_if1 $ext_gw1) Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.