Load Balancing Warnet dengan FreeBSD. Koneksi menggunakan 2 link Speedy paket Office. Jumlah komputer client ada 18 unit, ditambah 1 unit komputer operator. Koneksi digunakan untuk browsing dan main game online. Contoh config-nya:
router# cat /etc/rc.conf
# Created: Sat Dec 6 11:20:32 2008
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
#
# Purpose: boot-time settings for a FreeBSD gateway with one LAN interface
# (rl0) and two uplink interfaces (rl1, rl2), packet-filtered and NATed by pf.
#
# Start sshd at boot. Which networks can reach it is decided by the pf
# ruleset loaded from pf_rules, not by anything in this file.
sshd_enable="YES"
# If the boot-time fsck preen fails, rerun fsck with -y instead of stopping
# for an operator, so an unattended box comes back up after a power loss.
fsck_y_enable="YES"
# Turn on IP forwarding so the host routes between its interfaces.
gateway_enable="YES"
# Load pf at boot with the ruleset below; no extra pfctl flags.
pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
# Run pflogd and write captured packets to pflog_logfile.
# Only rules that carry the `log` keyword send packets to pflog.
# NOTE(review): the /etc/pf.conf shown with this file has no `log` on any
# rule, so this file would stay empty; confirm whether logging of blocked
# packets is wanted.
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""
# Run routed with -q (do not supply routing information to others).
# NOTE(review): the default route is set statically below and no RIP speaker
# is visible in this setup; if none exists, routed is an extra network
# daemon with no benefit. Confirm before keeping it enabled.
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
# rl0: LAN side, the address clients use as their gateway.
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
# rl1 / rl2: one uplink each; the gateways are 192.168.2.1 and 192.168.3.1
# in /etc/pf.conf.
ifconfig_rl1="inet 192.168.2.2 netmask 255.255.255.0"
ifconfig_rl2="inet 192.168.3.2 netmask 255.255.255.0"
# Kernel default route points at the rl1 uplink. Forwarded LAN traffic is
# steered per connection by the route-to rules in pf.conf instead.
defaultrouter="192.168.2.1"
hostname="router.99cybercafe.net"
router# cat /etc/pf.conf
# $FreeBSD: src/etc/pf.conf,v 1.1.2.1 2004/09/17 18:27:14 mlaier Exp $
# $OpenBSD: pf.conf,v 1.21 2003/09/02 20:38:44 david Exp $
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.
#
# Purpose: NAT the LAN out of two uplinks and spread new outbound
# connections across them round-robin, on top of a default-deny filter.
#
# Macros: LAN prefix, LAN-facing interface, the two uplink interfaces and
# the next-hop gateway reachable through each uplink.
lan_net = "192.168.1.0/24"
int_if = "rl0"
ext_if1 = "rl1"
ext_if2 = "rl2"
ext_gw1 = "192.168.2.1"
ext_gw2 = "192.168.3.1"
# nat outgoing connections on each internet interface
# The parentheses make pf use the interface's current address, so the rule
# keeps working if that address changes.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
# default deny, both directions, on every interface
# NOTE(review): neither rule has `log`, so dropped packets leave no trace in
# pflog; `block in log` / `block out log` would make probes visible.
# NOTE(review): nothing here exempts the loopback interface; confirm that
# local services on this host do not depend on lo0 traffic.
block in from any to any
block out from any to any
# pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
# pass in quick any packets destined for the gateway itself
# `quick` stops evaluation here, so this traffic never reaches the route-to
# rules below. The rule has no proto/port restriction: every LAN host can
# reach every service on the gateway.
# NOTE(review): rc.conf enables sshd, and the LAN is made up of public-use
# client machines; consider limiting management access to the operator
# machine's address and the ports actually needed.
pass in quick on $int_if from $lan_net to $int_if
# load balance outgoing tcp traffic from internal network.
# `flags S/SA` matches only the initial SYN; `modulate state` creates the
# state entry and has pf generate stronger initial sequence numbers.
# NOTE(review): without `sticky-address` on the pool, consecutive connections
# from one client can leave through different uplinks and therefore different
# public addresses; services that bind a session to the source IP (logins,
# some online games) may misbehave. Confirm against the intended use.
# NOTE(review): round-robin keeps selecting a gateway even if its link is
# down; no failover is configured here.
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto tcp from $lan_net to any flags S/SA modulate state
# load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
{ ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
proto { udp, icmp } from $lan_net to any keep state
# general "pass out" rules for external interfaces
# Stateful, so replies are admitted despite the `block in` above; no
# unsolicited inbound traffic is passed on either uplink.
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
# Fix-up for packets leaving on the wrong uplink: a packet about to go out
# $ext_if1 whose source is $ext_if2's address is re-routed through
# $ext_if2 / $ext_gw2, and the same in the other direction.
# These are the last filter rules, so under last-match they win for such
# packets over the general "pass out" rules above.
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
router# pfctl -sn
nat on rl1 inet from 192.168.1.0/24 to any -> (rl1) round-robin
nat on rl2 inet from 192.168.1.0/24 to any -> (rl2) round-robin
router# pfctl -sr
block drop in all
block drop out all
pass out on rl0 inet from any to 192.168.1.0/24
pass in quick on rl0 inet from 192.168.1.0/24 to 192.168.1.1
pass in on rl0 route-to { (rl1 192.168.2.1), (rl2 192.168.3.1) } round-robin inet proto tcp from 192.168.1.0/24 to any flags S/SA modulate state
pass in on rl0 route-to { (rl1 192.168.2.1), (rl2 192.168.3.1) } round-robin inet proto udp from 192.168.1.0/24 to any keep state
pass in on rl0 route-to { (rl1 192.168.2.1), (rl2 192.168.3.1) } round-robin inet proto icmp from 192.168.1.0/24 to any keep state
pass out on rl1 proto tcp all flags S/SA modulate state
pass out on rl1 proto udp all keep state
pass out on rl1 proto icmp all keep state
pass out on rl2 proto tcp all flags S/SA modulate state
pass out on rl2 proto udp all keep state
pass out on rl2 proto icmp all keep state
pass out on rl1 route-to (rl2 192.168.3.1) inet from 192.168.3.2 to any
pass out on rl2 route-to (rl1 192.168.2.1) inet from 192.168.2.2 to any
router# ifstat -b -t
Time rl0 rl1 rl2
HH:MM:SS Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
13:03:16 30.65 279.34 232.34 19.79 45.57 9.45
13:03:17 16.34 223.76 147.18 10.18 77.23 4.47
13:03:18 25.76 174.84 98.43 21.73 75.19 2.53
13:03:19 43.44 166.44 105.18 38.60 60.23 3.62
13:03:20 48.17 294.43 190.25 26.56 103.51 20.68
13:03:21 28.47 301.52 240.91 24.35 59.52 2.53
13:03:22 77.20 177.07 106.96 36.40 68.94 39.35
13:03:23 73.34 170.80 120.35 45.27 49.54 26.38
13:03:24 54.52 159.78 110.62 36.67 48.08 16.68
13:03:25 22.39 211.19 107.46 18.64 102.59 2.53
13:03:26 66.88 271.11 167.03 37.27 104.29 27.55
13:03:27 91.18 246.94 78.67 59.88 168.51 29.05
13:03:28 76.45 101.80 89.26 36.50 11.62 38.73
C:\>tracert astaga.com
Tracing route to astaga.com [202.59.169.10]
over a maximum of 30 hops:
1 2 ms <1 ms <1 ms 192.168.3.1
2 40 ms 38 ms 146 ms 1.subnet125-162-88.speedy.telkom.net.id [125.162
.88.1]
3 41 ms 43 ms 43 ms 125.160.0.5
4 66 ms 192.168.3.1 reports: Destination protocol unreachable.
Trace complete.
C:\>tracert yahoo.com
Tracing route to yahoo.com [68.180.206.184]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.2.1
2 46 ms 40 ms 39 ms 1.subnet125-162-88.speedy.telkom.net.id [125.162
.88.1]
3 40 ms 41 ms 43 ms 125.160.0.5
4 * 576 ms 615 ms 203.208.191.233
5 829 ms 619 ms 633 ms ge-0-1-7-0.sngtp-dr1.ix.singtel.com [203.208.151
.177]
6 678 ms 565 ms 605 ms xe-1-0-0-0.sngtp-cr1.ix.singtel.com [203.208.183
.61]
7 749 ms 752 ms 731 ms so-2-0-2-0.plapx-cr2.ix.singtel.com [203.208.149
.242]
8 740 ms 745 ms 858 ms ge-6-0-0-0.plapx-dr2.ix.singtel.com [203.208.183
.166]
9 761 ms 850 ms 830 ms 203.208.145.162
10 761 ms 714 ms 692 ms ae0-p151.msr2.sp1.yahoo.com [216.115.107.75]
11 765 ms 192.168.2.1 reports: Destination protocol unreachable.
Trace complete.
Selamat mencoba, semoga sukses.
sumber: http://www.openbsd.org/faq/pf/pools.html#outgoing
Sabtu, 06 Desember 2008