PF、负载均衡网关和 Squid
因此,我有一台运行 PF 和 Squid 的 FreeBSD 路由器,它具有三个网络接口:两个连接到上游提供商(分别为 em0 和 em1),一个用于 LAN(< code>re0) 我们提供服务。有一些负载平衡配置有PF。基本上,它通过一个接口 (em0) 将所有流量路由到端口 1-1024,并通过另一个接口 (em1) 将其他所有流量路由到端口 1-1024。
现在,我的盒子上也运行了一个 Squid 代理,它可以透明地将任何 HTTP 请求从 LAN 重定向到 127.0.0.1 中的端口 3128。由于Squid将此请求重定向到外部的HTTP,因此它应该通过em0遵循负载均衡规则,不是吗?问题是,当我们测试它时(通过从 LAN 中的计算机浏览到 http://whatismyip.com ,它会报告 em1 接口的外部 IP!当我们关闭 Squid 时,会报告 em0 的外部 IP,正如我所期望的那样
。我们设置的负载平衡规则?
这是我在 /etc/pf.conf 中的相关设置:
ext_if1="em1" # DSL
ext_if2="em0" # T1
int_if="re0"
ext_gw1="x.x.x.1"
ext_gw2="y.y.y.1"
int_addr="10.0.0.1"
int_net="10.0.0.0/16"
dsl_ports = "1024:65535"
t1_ports = "1:1023"
...
squid=3128
rdr on $int_if inet proto tcp from $int_net \
to any port 80 -> 127.0.0.1 port $squid
pass in quick on $int_if route-to lo0 inet proto tcp \
from $int_net to 127.0.0.1 port $squid keep state
...
# load balancing
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
proto tcp from $int_net to any port $dsl_ports keep state
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
proto udp from $int_net to any port $dsl_ports
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto tcp from $int_net to any port $t1_ports keep state
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto udp from $int_net to any port $t1_ports
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
我尝试附加以下规则,但没有任何作用:
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto tcp from 127.0.0.1 to any port $t1_ports keep state
谢谢!
So I have a FreeBSD router running PF and Squid, and it has three network interfaces: two connected to upstream providers (em0 and em1 respectively), and one for LAN (re0) that we serve. There is some load balancing configured with PF. Basically, it routes all traffic to ports 1-1024 through one interface (em0) and everything else through the other (em1).
Now, I have a Squid proxy also running on the box that transparently redirects any HTTP request from LAN to port 3128 in 127.0.0.1. Since Squid redirects this request to HTTP outside, it should follow the load balancing rule through em0, no? The problem is, when we tested it out (by browsing from a computer in the LAN to http://whatismyip.com, it reports the external IP of the em1 interface! When we turn Squid off, the external IP of em0 is reported, as expected.
How do I make Squid behave with the load balancing rule that we have set up?
Here's the related settings in /etc/pf.conf that I have:
ext_if1="em1" # DSL
ext_if2="em0" # T1
int_if="re0"
ext_gw1="x.x.x.1"
ext_gw2="y.y.y.1"
int_addr="10.0.0.1"
int_net="10.0.0.0/16"
dsl_ports = "1024:65535"
t1_ports = "1:1023"
...
squid=3128
rdr on $int_if inet proto tcp from $int_net \
to any port 80 -> 127.0.0.1 port $squid
pass in quick on $int_if route-to lo0 inet proto tcp \
from $int_net to 127.0.0.1 port $squid keep state
...
# load balancing
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
proto tcp from $int_net to any port $dsl_ports keep state
pass in on $int_if route-to ($ext_if1 $ext_gw1) \
proto udp from $int_net to any port $dsl_ports
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto tcp from $int_net to any port $t1_ports keep state
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto udp from $int_net to any port $t1_ports
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
I have tried appending the following rule, but it did nothing:
pass in on $int_if route-to ($ext_if2 $ext_gw2) \
proto tcp from 127.0.0.1 to any port $t1_ports keep state
Thanks!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您希望所有传出的鱿鱼请求都发送到特定接口上的特定IP地址,您应该能够使用squid.conf中的“tcp_outgoing_address”选项来指定em0上的IP地址。
If you want all outgoing squid requests to go to a specific IP address on a specific interface, you should be able to use the "tcp_outgoing_address" option in squid.conf to specify an IP address on em0.