当前位置: 首页 > 图文教程 > 服务器 > Linux服务器 > OpenBSD3.8+PF+PFSYNC+CARP

Linux服务器
linux下用cron定时执行任务的方法
.htaccess绑定域名到子目录的方法
linux apache下虚拟主机配置方法
apache 局域网访问配置方案
linux Apache服务器系统安全设置与优化
linux中mac地址绑定方法
linux托盘不断闪烁之解决方法
Apache配置 虚拟转向实例
Apache No space left on device的解决办法
Apache rewrite的重写相关的参数说明
LINUX入门级常用命令20条整理
Ubuntu设置开机自动挂载所有格式硬盘分区
5个可能被你忽略的Linux安全设置方法
学习Apache的mod rewrite、access写法
改版时保留原链接,创建新的URL的方法
rsync中文手册之使用rsync实现网站镜像和备份linux
rsync 数据同步使用详解
linux URL的301重定向代码分析
eclipse3.2.2 + MyEclipse5.5 + Tomcat5.5.27 配置数据库连接池
Apache服务器二级域名的完美实现

Linux服务器 中的 OpenBSD3.8+PF+PFSYNC+CARP


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-18   浏览: 118 ::
收藏到网摘: n/a

参考:http://www.countersiege.com/doc/pfsync-carp/
参考:pfsync及carp手册
实验环境:
VMWare5.5,虚拟三台BSD,两台OpenBSD,一台FreeBSD.每台OpenBSD均有三块网卡.
虚拟机1:
名称:OpenBSD(GZ)
网卡pcn0:192.168.0.110/24(接外网vmnet0桥接192.168.0.0/24)
网卡pcn1:192.168.20.110/24(接内网vmnet2NAT192.168.20.0/24)
网卡pcn2:192.168.30.110/24(pfsyncvmnet3NAT192.168.30.0/24)
网关:192.168.0.254

虚拟机2:
名称:OpenBSD(PY)
网卡pcn0:192.168.0.120/24(接外网vmnet0桥接192.168.0.0/24)
网卡pcn1:192.168.20.120/24(接内网vmnet2NAT192.168.20.0/24)
网卡pcn2:192.168.30.120/24(pfsyncvmnet3NAT192.168.30.0/24)
网关:192.168.0.254
虚拟机3:
名称:FreeBSD
网卡lnc0:192.168.20.10/24(接内网vmnet2NAT192.168.20.0/24)
网关:192.168.20.200
[attach]122409[/attach]
设置:
1./etc/pf.conf(两台OpenBSD使用相同的规则),下面的规则非常简单,只用于测试.
ext_if="pcn0"
int_if="pcn1"
sync_if="pcn2"
loop_if="lo0"
naton$ext_iffrom$int_if:networktoany->$ext_if
passquickon{$sync_if}protopfsync
passon{$ext_if$int_if}protocarpkeepstate
passinquickallkeepstate
passoutquickallkeepstate
2.在OpenBSD(GZ)和OpenBSD(PY)中,分别增加下面文件.
#vi/etc/hostname.carp0
vhid1passfoo192.168.0.200255.255.255.0
#vi/etc/hostname.carp1
vhid2passbar192.168.20.200255.255.255.0
#vi/etc/hostname.pfsync0
syncpeer192.168.30.200syncdevpcn2
#vi/etc/rc.conf.local
pf=YES
3.设置FreeBSD
#vi/etc/rc.conf
defaultrouter="192.168.20.200"
ifconfig_lnc0="inet192.168.20.10netmask255.255.255.0"
#vi/etc/resolv.conf
nameserver202.96.128.68
nameserver202.96.134.133
4.设置完毕之后,重启三台虚拟机.
5.简单测试:
在FreeBSD虚拟机中,ping一个Internet上的真实IP,随便关闭那一台OpenBSD都可以.:em02::em02:
附ifconfig
1.OpenBSD(GZ)
lo0:flags=8049mtu33224
groups:lo
inet127.0.0.1netmask0xff000000
pcn0:flags=8b43mtu1500
lladdr00:0c:29:fe:67:4b
groups:egress
media:Ethernetautoselect(autoselect)
inet192.168.0.110netmask0xffffff00broadcast192.168.0.255
pcn1:flags=8b43mtu1500
lladdr00:0c:29:fe:67:55
media:Ethernetautoselect(autoselect)
inet192.168.20.110netmask0xffffff00broadcast192.168.20.255
pcn2:flags=8843mtu1500
lladdr00:0c:29:fe:67:5f
media:Ethernetautoselect(autoselect)
inet192.168.30.110netmask0xffffff00broadcast192.168.30.255
pflog0:flags=141mtu33224
pfsync0:flags=0mtu1348
pfsync:syncdev:pcn2syncpeer:192.168.30.200maxupd:128
enc0:flags=0mtu1536
carp0:flags=8843mtu1500
carp:BACKUPcarpdevpcn0vhid1advbase1advskew0
groups:carp
inet192.168.0.200netmask0xffffff00broadcast255.255.255.0
carp1:flags=8843mtu1500
carp:BACKUPcarpdevpcn1vhid2advbase1advskew0
groups:carp
inet192.168.20.200netmask0xffffff00broadcast255.255.255.0

2.OpenBSD(PY)
lo0:flags=8049mtu33224
groups:lo
inet127.0.0.1netmask0xff000000
pcn0:flags=8b43mtu1500
lladdr00:0c:29:cc:f5:37
groups:egress
media:Ethernetautoselect(autoselect)
inet192.168.0.120netmask0xffffff00broadcast192.168.0.255
pcn1:flags=8b43mtu1500
lladdr00:0c:29:cc:f5:41
media:Ethernetautoselect(autoselect)
inet192.168.20.120netmask0xffffff00broadcast192.168.20.255
pcn2:flags=8843mtu1500
lladdr00:0c:29:cc:f5:4b
media:Ethernetautoselect(autoselect)
inet192.168.30.120netmask0xffffff00broadcast192.168.30.255
pflog0:flags=141mtu33224
pfsync0:flags=0mtu1348
pfsync:syncdev:pcn2syncpeer:192.168.30.200maxupd:128
enc0:flags=0mtu1536
carp0:flags=8843mtu1500
carp:MASTERcarpdevpcn0vhid1advbase1advskew0
groups:carp
inet192.168.0.200netmask0xffffff00broadcast255.255.255.0
carp1:flags=8843mtu1500
carp:MASTERcarpdevpcn1vhid2advbase1advskew0
groups:carp
inet192.168.20.200netmask0xffffff00broadcast255.255.255.0
3.FreeBSD
#ifconfig
lnc0:flags=108843mtu1500
inet192.168.20.10netmask0xffffff00broadcast192.168.20.255
inet6fe80::20c:29ff:fe1d:bbda%lnc0prefixlen64scopeid0x1
ether00:0c:29:1d:bb:da