设为首页收藏本站

LinuxSir.cn,穿越时空的Linuxsir!

 找回密码
 注册
搜索
热搜: shell linux mysql
LinuxSir.cn,穿越时空的Linuxsir!»论坛 Unix 技术讨论区 —— LinuxSir.cn BSD 讨论专题 [原创]OpenBSD 3.8 + PF + PFSYNC + CARP
返回列表 发新帖
查看: 1918|回复: 1

[原创]OpenBSD 3.8 + PF + PFSYNC + CARP

[复制链接]
congli
发表于 2005-12-2 10:56:26 | 显示全部楼层 |阅读模式
OpenBSD 3.8 + PF + PFSYNC + CARP
日期:2005.12.1
作者:congli

参考: http://www.countersiege.com/doc/pfsync-carp/
参考: pfsync 及 carp 手册

实验环境:
VMWare 5.5,虚拟三台BSD,两台OpenBSD,一台FreeBSD.每台OpenBSD均有三块网卡.
虚拟机1:
名称:OpenBSD(GZ)
网卡pcn0:192.168.0.110/24        (接外网 vmnet0 桥接 192.168.0.0/24)
网卡pcn1:192.168.20.110/24        (接内网 vmnet2 NAT 192.168.20.0/24)
网卡pcn2:192.168.30.110/24        (pfsync vmnet3 NAT 192.168.30.0/24)
网关:192.168.0.254

虚拟机2:
名称:OpenBSD(PY)
网卡pcn0:192.168.0.120/24        (接外网 vmnet0 桥接 192.168.0.0/24)
网卡pcn1:192.168.20.120/24        (接内网 vmnet2 NAT 192.168.20.0/24)
网卡pcn2:192.168.30.120/24        (pfsync vmnet3 NAT 192.168.30.0/24)
网关:192.168.0.254

虚拟机3:
名称:FreeBSD
网卡lnc0:192.168.20.10/24        (接内网 vmnet2 NAT 192.168.20.0/24)
网关:192.168.20.200

bbs.linuxsir.cn/attachment.php?aid=122409

设置:
1./etc/pf.conf(两台OpenBSD使用相同的规则),下面的规则非常简单,只用于测试.

  2. ext_if  = "pcn0"
  3. int_if  = "pcn1"
  4. sync_if = "pcn2"
  5. loop_if = "lo0"

  7. nat on $ext_if from $int_if:network to any -> $ext_if

  9. pass quick on { $sync_if } proto pfsync
  10. pass on { $ext_if $int_if } proto carp keep state

  12. pass in quick all keep state
  13. pass out quick all keep state
复制代码


2.在OpenBSD(GZ)和OpenBSD(PY)中,分别增加下面文件.
# vi /etc/hostname.carp0
  1. vhid 1 pass foo 192.168.0.200 255.255.255.0
复制代码


# vi /etc/hostname.carp1
  1. vhid 2 pass bar 192.168.20.200 255.255.255.0
复制代码


# vi /etc/hostname.pfsync0
  1. syncpeer 192.168.30.200 syncdev pcn2
复制代码


# vi /etc/rc.conf.local
  1. pf=YES
复制代码


3.设置FreeBSD
# vi /etc/rc.conf

  2. defaultrouter="192.168.20.200"
  3. ifconfig_lnc0="inet 192.168.20.10 netmask 255.255.255.0"
复制代码


# vi /etc/resolv.conf

  2. nameserver 202.96.128.68
  3. nameserver 202.96.134.133
复制代码


4.设置完毕之后,重启三台虚拟机.

5.简单测试:
在FreeBSD虚拟机中,ping一个Internet上的真实IP,随便关闭那一台OpenBSD都可以.:em02::em02:

附ifconfig
1.OpenBSD(GZ)

  2. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
  3.         groups: lo
  4.         inet 127.0.0.1 netmask 0xff000000
  5. pcn0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
  6.         lladdr 00:0c:29:fe:67:4b
  7.         groups: egress
  8.         media: Ethernet autoselect (autoselect)
  9.         inet 192.168.0.110 netmask 0xffffff00 broadcast 192.168.0.255
  10. pcn1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
  11.         lladdr 00:0c:29:fe:67:55
  12.         media: Ethernet autoselect (autoselect)
  13.         inet 192.168.20.110 netmask 0xffffff00 broadcast 192.168.20.255
  14. pcn2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  15.         lladdr 00:0c:29:fe:67:5f
  16.         media: Ethernet autoselect (autoselect)
  17.         inet 192.168.30.110 netmask 0xffffff00 broadcast 192.168.30.255
  18. pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
  19. pfsync0: flags=0<> mtu 1348
  20.         pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
  21. enc0: flags=0<> mtu 1536
  22. carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  23.         carp: BACKUP carpdev pcn0 vhid 1 advbase 1 advskew 0
  24.         groups: carp
  25.         inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
  26. carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  27.         carp: BACKUP carpdev pcn1 vhid 2 advbase 1 advskew 0
  28.         groups: carp
  29.         inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
复制代码


2.OpenBSD(PY)

  2. lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
  3.         groups: lo
  4.         inet 127.0.0.1 netmask 0xff000000
  5. pcn0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
  6.         lladdr 00:0c:29:cc:f5:37
  7.         groups: egress
  8.         media: Ethernet autoselect (autoselect)
  9.         inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
  10. pcn1: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
  11.         lladdr 00:0c:29:cc:f5:41
  12.         media: Ethernet autoselect (autoselect)
  13.         inet 192.168.20.120 netmask 0xffffff00 broadcast 192.168.20.255
  14. pcn2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  15.         lladdr 00:0c:29:cc:f5:4b
  16.         media: Ethernet autoselect (autoselect)
  17.         inet 192.168.30.120 netmask 0xffffff00 broadcast 192.168.30.255
  18. pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33224
  19. pfsync0: flags=0<> mtu 1348
  20.         pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
  21. enc0: flags=0<> mtu 1536
  22. carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  23.         carp: MASTER carpdev pcn0 vhid 1 advbase 1 advskew 0
  24.         groups: carp
  25.         inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
  26. carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  27.         carp: MASTER carpdev pcn1 vhid 2 advbase 1 advskew 0
  28.         groups: carp
  29.         inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
复制代码


3.FreeBSD

  2. # ifconfig
  3. lnc0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  4.         inet 192.168.20.10 netmask 0xffffff00 broadcast 192.168.20.255
  5.         inet6 fe80::20c:29ff:fe1d:bbda%lnc0 prefixlen 64 scopeid 0x1
  6.         ether 00:0c:29:1d:bb:da
复制代码

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?注册

x
回复

使用道具 举报

yanyp
发表于 2005-12-3 23:56:26 | 显示全部楼层

嗯,不错,帮顶

嗯,不错
要是有"Something bigger
This larger configuration is in place at a large educational institution, providing load balancing and redundancy for a cluster of web servers:
"这个就更好了
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 注册

本版积分规则

快速回复 返回顶部 返回列表