[OpenBSD-BR] RE: Inbound load balancing.
Luciano M. Mercucci
lmercucci at yahoo.com.br
Thursday June 21 14:09:14 BRT 2007
A piece was missing; here it is in full:
lan_net1 = "192.168.0.0/24"
lan_net2 = "192.168.1.0/24"
int_if1 = "rl0"
int_if2 = "rl1"
ext_if1 = "ste0"
ext_if2 = "xl0"
int_gw1 = "192.168.0.1"
int_gw2 = "192.168.1.2"
ext_gw1 = "200.200.200.1"
ext_gw2 = "200.200.200.1"
ext_ip1 = "200.200.200.5"
ext_ip2 = "200.200.222.5"
srv_web2 = "192.168.0.15"
srv_web1 = "192.168.0.16"
srv_cssu = "192.168.1.11"
srv_syssu = "192.168.1.16"
gere = "{ 200.1.1.22 , 200.5.5.28 , 200.99.99.4 }"
#set skip on lo0
# WiFi network <--> SUB #
nat on $int_if1 from any to $lan_net1 -> $int_if1
nat on $int_if2 from any to $lan_net2 -> $int_if2
# Internal networks to the INTERNET
nat on $ext_if1 from { $lan_net1 , $lan_net2 } to any -> ($ext_if1)
nat on $ext_if2 from { $lan_net1 , $lan_net2 } to any -> ($ext_if2)
# Inbound NAT.
rdr on $ext_if2 proto tcp from any to $ext_ip2 port { 80, 443, 53, 3389 } -> $srv_web2
rdr on $ext_if1 proto tcp from any to $ext_ip1 port { 80, 443, 53, 3389 } -> $srv_web1
rdr on $ext_if2 proto udp from any to $ext_ip2 port { 53 } -> $srv_web2
rdr on $ext_if1 proto udp from any to $ext_ip1 port { 53 } -> $srv_web2
rdr on $ext_if2 proto tcp from any to $ext_ip2 port 90 -> $srv_syssu
rdr on $ext_if2 proto udp from any to $ext_ip2 port 27015 -> $srv_cssu
# default deny
block in
pass out keep state
# Allow everything WIFI - SUB
pass in quick on $int_if1 from $lan_net1 to any
pass in quick on $int_if2 from $lan_net2 to any
# Servers
# Redes Seguras server
# TCP ports
pass in quick on $ext_if2 proto tcp from any to any port { 80, 443, 53, 3389 }
pass in quick on $int_if1 proto tcp from any to any port { 80, 443, 53, 3389 }
# UDP ports
pass in quick on $ext_if2 proto udp from any to any port { 53 }
pass in quick on $int_if1 proto udp from any to any port { 53 }
#UDP
#CSSUB
pass in quick on $ext_if2 proto udp from any to any port { 27015 }
pass in quick on $int_if2 proto udp from any to any port { 27015 }
# Sub application
pass in quick on $ext_if2 proto tcp from any to any port { 90 }
pass in quick on $int_if2 proto tcp from any to any port { 90 }
#SSH
pass in quick on $ext_if1 proto tcp from $gere to $ext_ip1 port 22
pass in quick on $ext_if2 proto tcp from $gere to $ext_ip2 port 22
# accept (quick) any packets destined for the gateway itself
pass in quick on $int_if1 from $lan_net1 to $int_if1
pass in quick on $int_if2 from $lan_net2 to $int_if2
# Load-balance traffic from the internal network.
# HTTPS
pass in quick on $int_if1 route-to { ($ext_if2 $ext_gw2) } proto tcp from $lan_net1 to any port 443 flags S/SA modulate state
pass in quick on $int_if2 route-to { ($ext_if2 $ext_gw2) } proto tcp from $lan_net2 to any port 443 flags S/SA modulate state
# Remaining traffic
pass in on $int_if1 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net1 to any flags S/SA modulate state
pass in on $int_if2 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto tcp from $lan_net2 to any flags S/SA modulate state
# load balancing of udp and icmp packets coming from the internal network
pass in on $int_if1 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net1 to any keep state
pass in on $int_if2 route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin proto { udp, icmp } from $lan_net2 to any keep state
# general "pass out" rules for the external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
# route packets from any IP on $ext_if1 to $ext_gw1 and the same for
# $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 route-to ($int_if1 $int_gw1) from $int_if1 to any
pass out on $ext_if1 route-to ($int_if2 $int_gw2) from $int_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 route-to ($int_if1 $int_gw1) from $int_if1 to any
pass out on $ext_if2 route-to ($int_if2 $int_gw2) from $int_if2 to any
pass out on $int_if1 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $int_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $int_if1 route-to ($int_if2 $int_gw2) from $int_if2 to any
pass out on $int_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $int_if2 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $int_if2 route-to ($int_if1 $int_gw1) from $int_if1 to any
Thanks,
Luciano
-----Original message-----
From: openbsd-bounces at openbsd-br.org
[mailto:openbsd-bounces at openbsd-br.org] On behalf of Rafael Sales
Sent: Thursday, June 21, 2007 13:39
To: OpenBSD-BR
Subject: Re: [OpenBSD-BR] Inbound load balancing.
Post your rules.
--
Tompast IT Services LTDA.
e-mail: rafael.sales at tompast.org
voip: 34568794 at iax.tompast.org
+55 11 4063-5759
+55 11 3207-2457
+55 11 8433-2281
+55 11 9979-6826