ФІО = FreeBSD PF 2 канала
 Запитання:http://habrahabr.ru/post/66851/
====================================

 ANSWER ====================================
http://www.ussr.kiev.ua/ru/PF_Squid

 END of ANSWER ====================================


 ANSWER ====================================
http://habrahabr.ru/post/124447/

 END of ANSWER ====================================


 ANSWER ====================================
https://forums.freebsd.org/threads/ipfw-one-isp-two-xdsl-internet-channels-load-balancing.36205/

 END of ANSWER ====================================


 ANSWER ====================================
http://wiki.mesouug.com/index.php/FreeBSD_/_One_ISP_/_Two_and_more_xDSL/internet_channels_/_Load_balancing

 END of ANSWER ====================================


 ANSWER ====================================
#!/bin/sh

DELAY=`/usr/bin/jot -r 1 0 9`

# Delay
echo "${DELAY} seconds delay..."
sleep ${DELAY} 

PIDS=`pgrep -f "/bin/sh /etc/firewall" | wc -l`

#Check if copy of process is already running:
if [ ${PIDS} -gt 1 ]; then
  echo "Another copy is already running."
  exit 1
fi

#Flush out list before we begin.
ipfw -q -f flush
ipfw -q -f nat flush
ipfw -q pipe flush
ipfw -q queue flush

################################################################################

#Set rules command prefix
cmd="ipfw -q"

pif0="adsl1"
pif0ip=`ifconfig $pif0 inet | grep inet | awk '{print $2}'`
pif0gw=`ifconfig $pif0 inet | grep inet | awk '{print $4}'`

pif1="adsl2"
pif1ip=`ifconfig $pif1 inet | grep inet | awk '{print $2}'`
pif1gw=`ifconfig $pif1 inet | grep inet | awk '{print $4}'`

pif2="vlan200"
pif2ip="10.61.168.231"
pif2gw="10.61.168.1"


if [ ! -z "$pif0ip" ]; then
  pif0status="UP"
  else
    pif0status="DOWN"
fi

if [ ! -z "$pif1ip" ]; then
  pif1status="UP"
  else
    pif1status="DOWN"
fi

if [ -f /vlan200.status ]; then
  pif2status=`cat /vlan200.status`
else
  pif2status="DOWN"
fi

# Override
#pif0status="DOWN"
#pif1status="DOWN"
#pif2status="DOWN"

################################################################################

$cmd add 100 allow ip from any to any via lo0
$cmd add     deny ip from any to 127.0.0.0/8
$cmd add     deny ip from 127.0.0.0/8 to any

$cmd add 1100 skipto 2040 ip from any to any out xmit $lif tagged 101 keep-state
$cmd add      skipto 2080 ip from any to any out xmit $lif tagged 102 keep-state
$cmd add      skipto 2100 ip from any to any out xmit $lif tagged 120 keep-state

$cmd add 1500 deny gre from 192.168.1.XXX to any // This rule will drop first GRE packet from PPTP SERVER when VPN initiates 

# Next few IF's will keep firewall rules consistent in cases if ISP connections will go down

if [ $pif0status == "UP" ] && [ $pif1status == "UP" ]; then 
  $cmd add 2000 skipto 2040 ip from table\(101\) to any in recv $lif // Smart Load balancing using arpalert 
  $cmd add      skipto 2080 ip from table\(102\) to any in recv $lif // Smart Load balancing using arpalert 
fi

if [ $pif2status == "UP" ]; then
  $cmd add      skipto 2100 ip from table\(120\) to any in recv $lif // Smart Load balancing using arpalert 
fi

if [ $pif0status == "UP" ]; then
  $cmd add 2040 setfib 0 ip from any to any via $lif keep-state
  $cmd add 2050 allow tag 101 ip from any to any via $lif
fi

if [ $pif1status == "UP" ]; then
  $cmd add 2080 setfib 1 ip from any to any via $lif keep-state
  $cmd add 2090 allow tag 102 ip from any to any via $lif
fi

if [ $pif2status == "UP" ]; then
  $cmd add 2100 setfib 2 ip from any to any via $lif keep-state
  $cmd add 2110 allow tag 120 ip from any to any via $lif
fi

################################################################################

$cmd add 3050 deny ip from any to 192.168.0.0/16 in recv $pifs
$cmd add      deny ip from 192.168.0.0/16 to any in recv $pifs
$cmd add      deny ip from any to 172.16.0.0/12 in recv $pifs
$cmd add      deny ip from 172.16.0.0/12 to any in recv $pifs
$cmd add      deny ip from any to 10.0.0.0/8 in recv $pifs
$cmd add      deny ip from 10.0.0.0/8 to any in recv $pifs
$cmd add      deny ip from any to 169.254.0.0/16 in recv $pifs
$cmd add      deny ip from 169.254.0.0/16 to any in recv $pifs

################################################################################

if [ $pif1status == "UP" ]; then
  $cmd add 11000 fwd $pif1gw all from $pif1ip to any via $pif0 // Send reply to necessary interface
fi

if [ $pif2status == "UP" ]; then
  $cmd add 11100 fwd $pif2gw all from $pif2ip to any via $pif0 // Send reply to necessary interface
fi

################################################################################

$cmd add 13000 skipto 31000 log ip from any to $pif0ip 22 in recv $pif0 // sshd
$cmd add       skipto 31000 log ip from any to $pif1ip 22 in recv $pif1 // sshd
$cmd add       skipto 31000 log ip from any to $pif2ip 22 in recv $pif2 // sshd
$cmd add       skipto 31000 log ip from any to $pif0ip 1723 in recv $pif0 // PPTP server
$cmd add       skipto 31000 log ip from any to $pif1ip 1723 in recv $pif1 // PPTP server
$cmd add       skipto 31000 log ip from any to $pif2ip 1723 in recv $pif2 // PPTP server
$cmd add       skipto 31000 gre from any to $pif0ip in recv $pif0 // PPTP server
$cmd add       skipto 31000 gre from any to $pif1ip in recv $pif1 // PPTP server
$cmd add       skipto 31000 gre from any to $pif2ip in recv $pif2 // PPTP server

################################################################################

if [ $pif0status == "UP" ]; then
  $cmd add 20000 deny log ip from any to any in via $pif0 setup // Reject and Log all setup of incoming connections from the outside 
  $cmd add       deny log ip from any to any in via $pif1 setup // Reject and Log all setup of incoming connections from the outside 
  $cmd add       deny log ip from any to any in via $pif2 setup // Reject and Log all setup of incoming connections from the outside 
fi

################################################################################

if [ $pif0status == "UP" ]; then
  $cmd nat 101 config if $pif0 same_ports reset \
			redirect_port tcp 192.168.1.XXX:1723 $pif0ip:1723 \
                        redirect_proto gre 192.168.1.XXX $pif0ip
fi

if [ $pif1status == "UP" ]; then
  $cmd nat 102 config if $pif1 same_ports reset \
			redirect_port tcp 192.168.1.XXX:1723 $pif1ip:1723 \
                        redirect_proto gre 192.168.1.XXX $pif1ip
fi

if [ $pif2status == "UP" ]; then
  $cmd nat 120 config if $pif2 same_ports reset \
			redirect_port tcp 192.168.1.XXX:1723 $pif2ip:1723 \
                        redirect_proto gre 192.168.1.XXX $pif2ip
fi

################################################################################

# NAT
if [ $pif0status == "UP" ]; then

  $cmd add 31000 nat 101 ip from any to any via $pif0 // $pif0 nat
  $cmd add       skipto 35000 tag 101 ip from any to any in recv $pif0
fi

if [ $pif1status == "UP" ]; then
  $cmd add 31500 nat 102 ip from any to any via $pif1 // $pif1 nat
  $cmd add       skipto 35000 tag 102 ip from any to any in recv $pif1
fi

if [ $pif2status == "UP" ]; then
  $cmd add 32500 nat 120 ip from any to any via $pif2 // $pif2 nat 
  $cmd add       skipto 35000 tag 120 ip from any to any in recv $pif2
fi


################################################################################

$cmd add 35000 allow tcp from any to any established // Allow TCP through if setup succeeded

$cmd add 50000 allow all from any to any
$cmd add 65534 deny all from any to any

################################################################################

exit 0

 END of ANSWER ====================================


 ANSWER ====================================
http://skeletor.org.ua/?p=1279

 END of ANSWER ====================================


 ANSWER ====================================
http://birdofluck.livejournal.com/8778.html

 END of ANSWER ====================================


 ANSWER ====================================
Well, let's suppose that your ISP interfaces have respectively $ispN_ip and 
$ispN_router as interface IP and ISP router IP. And that $natN is the divert 
port corresponding to the NAT for the given ISP. Then you get something like 

# This treats incoming trafic 
ipfw add 1310 divert $nat1 ip from any to any in via $if1 
ipfw add 1320 divert $nat2 ip from any to any in via $if2 
... 
ipfw add 13N0 divert $natN ip from any to any in via $ifN 

# Check states 
ipfw add 3000 check-state 

# Load balance outgoing trafic 
# Note: change 1/N, 1/(N-1), etc by actual values for your N 
ipfw add 10100 prob 1/N skipto 20100 ip from $internal to any keep-state 
ipfw add 10200 prob 1/(N-1) skipto 20200 ip from $internal to any keep-state 
... 
ipfw add 10N00 skipto 20N00 ip from $internal to any keep-state 

# Do outgoing NAT 
ipfw add 20100 divert $nat1 from $internal to any out 
ipfw add 20110 fwd $isp1_router ip from $isp1_ip 
ipfw add 20200 divert $nat2 from $internal to any out 
ipfw add 20210 fwd $isp2_router ip from $isp2_ip 
... 
ipfw add 20N00 divert $natN from $internal to any out 
ipfw add 20N10 fwd $ispN_router ip from $ispN_ip 


And here is what the natd.conf would look like 

### ISP 1 ### 
port 8868 
dynamic yes 
interface re1 

### ISP 2 ### 
instance dsl2 
port 8869 
dynamic yes 
interface re2 

### ISP N ### 
instance dsl3 
port 8870 
dynamic yes 
interface re 

 END of ANSWER ====================================


 ANSWER ====================================
http://www.linux.org.ru/forum/admin/10011112

 END of ANSWER ====================================


 ANSWER ====================================
#!/bin/sh -
fwcmd="/sbin/ipfw -q"

ips1="em0"
ips2="em1"

${fwcmd} -f flush

# allow ssh on all interface
${fwcmd} add allow tcp from any to me 2211 in via ${ips1}
${fwcmd} add allow tcp from any to me 2211 in via ${ips2}

# network address translation
${fwcmd} add fwd 195.111.111.111 ip from 195.151.111.112 to any
${fwcmd} add fwd 62.117.222.222 ip from 62.117.222.223 to any

${fwcmd} nat 1 config if ${ips1} reset deny_in same_ports unreg_only redirect_port tcp 192.168.ххх.ххх:2900 2900

${fwcmd} nat 2 config if ${ips2} reset deny_in same_ports unreg_only redirect_port tcp 192.168.ххх.ххх:2900 2900

${fwcmd} add nat 1 all from any to any
${fwcmd} add nat 2 all from any to any

# Deny all
${fwcmd} add deny all from any to any

 END of ANSWER ====================================


 ANSWER ====================================
http://www.lissyara.su/articles/freebsd/tuning/ipfw_nat/

 END of ANSWER ====================================


 ANSWER ====================================
${FwCMD} add nat 100 all from ${User1} to any out via ${LanOut1}
${FwCMD} add nat 100 all from any to ${IpOut} in via ${LanOut1}
${FwCMD} add nat 200 all from ${User2} to any out via ${LanOut2}
${FwCMD} add nat 200 all from any to ${IpOut} in via ${LanOut2}

 END of ANSWER ====================================


 ANSWER ====================================
http://www.hilik.org.ua/freebsd-организовываем-резервный-канал/

 END of ANSWER ====================================


 ANSWER ====================================
http://technotrance.su/index.php/moi-zametki/24-autoswitching-internet

 END of ANSWER ====================================


 ANSWER ====================================
http://habrahabr.ru/post/66851/

 END of ANSWER ====================================


 ANSWER ====================================
Проблему перенаправлением порта 3389 решил.
в etc/natd.conf написано - 
port 8668
redirect_port tcp 192.168.10.1:3389 212.119.109.58:3389
redirect_port tcp 192.168.10.5:110 212.119.109.58:110

firewall.conf -

fwcmd="/sbin/ipfw -q"
lanout="fxp0"
lanin="fxp1"
ipout="212.212.212.121"
ipin="192.168.10.254"
netmask="24"
netin="192.168.10.0"
${fwcmd} -f flush
${fwcmd} add check-state
${fwcmd} add allow ip from any to any via lo0
${fwcmd} add divert 8668 tcp from any to 212.212.212.121 3389 via fxp0
${fwcmd} add divert 8668 tcp from 192.168.10.1 3389 to any via fxp0
${fwcmd} add allow tcp from any to 192.168.10.1 3389 via any
${fwcmd} add divert 8668 tcp from any to 212.212.212.121 110 via fxp0
${fwcmd} add divert 8668 tcp from 192.168.10.5 110 to any via fxp0
${fwcmd} add allow tcp from any to 192.168.10.5 110 via any
${fwcmd} add divert natd ip from ${netin}/${netmask} to any out via ${lanout}
${fwcmd} add divert natd ip from any to ${ipout} in via ${lanout}
${fwcmd} add allow tcp from any to any established
${fwcmd} add allow ip from ${ipout} to any out xmit ${lanout}
${fwcmd} add allow udp from any 53 to any via ${lanout}
${fwcmd} add allow tcp from any to ${ipout} 49152-65535 via ${lanout}
${fwcmd} add allow icmp from any to any icmptypes 0,8,11
${fwcmd} add allow tcp from any to ${ipout} 25 via ${lanout}
${fwcmd} add allow tcp from any to ${ipout} 110 via ${lanout}
${fwcmd} add allow tcp from any to any via ${lanin}
${fwcmd} add allow udp from any to any via ${lanin}
${fwcmd} add allow icmp from any to any via ${lanin}
${fwcmd} add deny log tcp from any to any

В таком виде редирект порта 3389 работает, а вот почта так и не перенаправляется на 192.168.10.5

 END of ANSWER ====================================


 ANSWER ====================================
http://forum.lissyara.su/viewtopic.php?f=8&t=19448

 END of ANSWER ====================================


 ANSWER ====================================
http://www.opennet.ru/base/net/2link_balance2.txt.html

 END of ANSWER ====================================


 ANSWER ====================================
http://sysadmins.ru/topic320039.html

 END of ANSWER ====================================