как поделить инет между провайдерами?
Добавлено: 2007-03-10 16:36:23
Сделал вот такой файрвол (FreeBSD 6.2 + PF):
Но все равно весь трафик идет через defaultrouter, прописанный в rc.conf.
подскажите, плз, что нужно сделать, что бы, например от ип 192.168.1.3 трафик шел через второго провайдера?
Код: Выделить всё
ext_if_a = "rl1"
ext_if_b = "sk0"
int_if = "rl0"
ext_ip_a = "a.a.a.a"
ext_ip_b = "b.b.b.b"
ext_gw_a = "x"
ext_gw_b = "x"
int_ip = "192.168.x.x"
my_net = "192.168.x.x/24"
mail="192.168.x.x"
pop="195.x.x.x"
smtp="81.x.x.x"
table <grey_net> { 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 0.0.0.0/8, 169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3, 20.20.20.0/24 }
table <ext_dns> { x }
table <int_dns> { x }
table <admins> { x }
set block-policy drop
set optimization aggressive
set timeout { adaptive.start 6000, adaptive.end 12000 }
scrub in fragment reassemble
scrub in on { $ext_if_a $ext_if_b } no-df random-id
scrub out all random-id max-mss 1440
#Translation
nat pass on $ext_if_a from $my_net -> ($ext_if_a)
nat pass on $ext_if_b from $my_net -> ($ext_if_b)
#Filtering
block in all
block out all
#PORT SCANNERS FOR OS DETECTING
block in quick proto tcp from any to { $ext_if_a $ext_if_b } flags SF/SFRA
block in quick proto tcp from any to { $ext_if_a $ext_if_b } flags FPU/SFRAUP
block in quick proto tcp from any to { $ext_if_a $ext_if_b } flags F/SFRA
block in quick proto tcp from any to { $ext_if_a $ext_if_b } flags U/SFRAU
block in quick proto tcp from any to { $ext_if_a $ext_if_b } flags P/P
pass quick on {lo0 $int_if}
antispoof quick for {lo}
block out quick on { $ext_if_a $ext_if_b } from <grey_net> to any
pass in on $int_if inet proto tcp from $my_net to $int_ip port 3128 keep state
pass in on $int_if inet proto tcp from <admins> to { $int_ip } port 22 keep state
pass in on $int_if inet proto udp from $my_net to any port 53 keep state
pass in on $int_if inet proto tcp from $mail to $pop port pop3 keep state
pass in on $int_if inet proto tcp from $mail to $smtp port smtp keep state
pass out on { $ext_if_a $ext_if_b } proto tcp from { $ext_ip_a $ext_ip_b } to any port { 80, 443 } keep state
pass in on $int_if route-to ($ext_if_b $ext_gw_b) proto tcp from $my_net to any port 80 keep stateНо все равно весь трафик идет через defaultrouter, прописанный в rc.conf.
подскажите, плз, что нужно сделать, что бы, например от ип 192.168.1.3 трафик шел через второго провайдера
Код: Выделить всё
(ext_if_b ext_gw_b)