模板
教程
環境
性能
功能
管理
OpenBSD3.8+PF+PFSYNC+CARP
發表于:2007-05-26來源:作者:點擊數:
標簽:
參考: http://www.countersiege.com/doc/pfsync-carp/ 參考:pfsync 及 carp 手冊 實驗環境: VMWare 5.5,虛擬三臺BSD,兩臺OpenBSD,一臺FreeBSD.每臺OpenBSD均有三塊網卡. 虛擬機1: 名稱:OpenBSD(GZ) 網卡pcn0:192.168.0.110/24 (接外網 vmnet0 橋接 192.168.0
參考:http://www.countersiege.com/doc/pfsync-carp/ 參考:pfsync 及 carp 手冊
實驗環境:
VMWare 5.5,虛擬三臺BSD,兩臺OpenBSD,一臺FreeBSD.每臺OpenBSD均有三塊網卡.
虛擬機1:
名稱:OpenBSD(GZ)
網卡pcn0:192.168.0.110/24 (接外網 vmnet0 橋接 192.168.0.0/24)
網卡pcn1:192.168.20.110/24 (接內網 vmnet2 NAT 192.168.20.0/24)
網卡pcn2:192.168.30.110/24 (pfsync vmnet3 NAT 192.168.30.0/24)
網關:192.168.0.254
虛擬機2:
名稱:OpenBSD(PY)
網卡pcn0:192.168.0.120/24 (接外網 vmnet0 橋接 192.168.0.0/24)
網卡pcn1:192.168.20.120/24 (接內網 vmnet2 NAT 192.168.20.0/24)
網卡pcn2:192.168.30.120/24 (pfsync vmnet3 NAT 192.168.30.0/24)
網關:192.168.0.254
虛擬機3:
名稱:FreeBSD
網卡lnc0:192.168.20.10/24 (接內網 vmnet2 NAT 192.168.20.0/24)
網關:192.168.20.200
[attach]122409[/attach]
設置:
1./etc/pf.conf(兩臺OpenBSD使用相同的規則),下面的規則非常簡單,只用于測試.
ext_if = "pcn0"
int_if = "pcn1"
sync_if = "pcn2"
loop_if = "lo0"
nat on $ext_if from $int_if:network to any -> $ext_if
pass quick on { $sync_if } proto pfsync
pass on { $ext_if $int_if } proto carp keep state
pass in quick all keep state
pass out quick all keep state
2.在OpenBSD(GZ)和OpenBSD(PY)中,分別增加下面文件.
# vi /etc/hostname.carp0
vhid 1 pass foo 192.168.0.200 255.255.255.0
# vi /etc/hostname.carp1
vhid 2 pass bar 192.168.20.200 255.255.255.0
# vi /etc/hostname.pfsync0
syncpeer 192.168.30.200 syncdev pcn2
# vi /etc/rc.conf.local
pf=YES
3.設置FreeBSD
# vi /etc/rc.conf
defaultrouter="192.168.20.200"
ifconfig_lnc0="inet 192.168.20.10 netmask 255.255.255.0"
# vi /etc/resolv.conf
nameserver 202.96.128.68
nameserver 202.96.134.133
4.設置完畢之后,重啟三臺虛擬機.
5.簡單測試:
在FreeBSD虛擬機中,ping一個Internet上的真實IP,隨便關閉那一臺OpenBSD都可以.:em02::em02:
附ifconfig
1.OpenBSD(GZ)
lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
pcn0: flags=8b43 mtu 1500
lladdr 00:0c:29:fe:67:4b
groups: egress
media: Ethernet autoselect (autoselect)
inet 192.168.0.110 netmask 0xffffff00 broadcast 192.168.0.255
pcn1: flags=8b43 mtu 1500
lladdr 00:0c:29:fe:67:55
media: Ethernet autoselect (autoselect)
inet 192.168.20.110 netmask 0xffffff00 broadcast 192.168.20.255
pcn2: flags=8843 mtu 1500
lladdr 00:0c:29:fe:67:5f
media: Ethernet autoselect (autoselect)
inet 192.168.30.110 netmask 0xffffff00 broadcast 192.168.30.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0 mtu 1348
pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843 mtu 1500
carp: BACKUP carpdev pcn0 vhid 1 advbase 1 advskew 0
groups: carp
inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
carp1: flags=8843 mtu 1500
carp: BACKUP carpdev pcn1 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
2.OpenBSD(PY)
lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff000000
pcn0: flags=8b43 mtu 1500
lladdr 00:0c:29:clearcase/" target="_blank" >cc:f5:37
groups: egress
media: Ethernet autoselect (autoselect)
inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
pcn1: flags=8b43 mtu 1500
lladdr 00:0c:29:cc:f5:41
media: Ethernet autoselect (autoselect)
inet 192.168.20.120 netmask 0xffffff00 broadcast 192.168.20.255
pcn2: flags=8843 mtu 1500
lladdr 00:0c:29:cc:f5:4b
media: Ethernet autoselect (autoselect)
inet 192.168.30.120 netmask 0xffffff00 broadcast 192.168.30.255
pflog0: flags=141 mtu 33224
pfsync0: flags=0 mtu 1348
pfsync: syncdev: pcn2 syncpeer: 192.168.30.200 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843 mtu 1500
carp: MASTER carpdev pcn0 vhid 1 advbase 1 advskew 0
groups: carp
inet 192.168.0.200 netmask 0xffffff00 broadcast 255.255.255.0
carp1: flags=8843 mtu 1500
carp: MASTER carpdev pcn1 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.20.200 netmask 0xffffff00 broadcast 255.255.255.0
3.FreeBSD
# ifconfig
lnc0: flags=108843 mtu 1500
inet 192.168.20.10 netmask 0xffffff00 broadcast 192.168.20.255
inet6 fe80::20c:29ff:fe1d:bbda%lnc0 prefixlen 64 scopeid 0x1
ether 00:0c:29:1d:bb:da
