Hey there Oleg,
I have done something similar with 2 internet interfaces, but I use very
crude IPFW rules to "remember" sessions.
I have a separate natd running for each interface, but my setup includes
mail, web and pptp servers on the LAN which complicates matters.
I did not have load balancing but am using a ping script to monitor
interfaces and re-route traffic using ipfw sets which get enabled and
disabled.
This ping script could be modified to calculate ping times and shift
load by the same method - but that's _really_ rough.
I am sure there are much more elegant ways of doing this though.
Keep us posted!
Graham
Oleg Tarasov wrote:
Hello,
I have an idea of implementation of this common task. Please tell me
if there is some alternative or use my idea to implement advanced NAT
daemon (this would be great). Maybe it would be good to upgrade
standard natd daemon.
The task:
We have several interfaces connected to internet and all having static
IPs and one (or more) interfaces to local network.
We must provide NATed internet access to local network users
load-balancing internet interfaces and providing failover. All sessions
have to "remember" their outgoing interface as one session will break
if packets start to come from different IPs.
A way to perform this:
- We need to monitor interface state (something simple like up/down) or
more complex like periodic gateway ping for example.
- We need to measure interface load
- We need NAT that aliases outgoing connections to one of these
interfaces
- We need to route outgoing packets based on source IP assigned by
NAT. This can be performed using ipfw forward mechanism.
First three functions would be great to be implemented inside one
daemon like standard natd. Packets should be diverted into it. This
daemon can easily perform all of the tasks listed above as all of the
packets are passed through it.
Using it in a combination with policy-routing would be a powerful
mechanism!
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
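
A sketch of the kind of ping script described in the reply above, added here as an example and not taken from either poster: it pings each uplink's gateway and enables or disables that uplink's ipfw set only when the state changes. The set numbers, the gateway addresses and the one-set-per-uplink layout are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes the ipfw rules for each uplink
# (its natd divert and fwd rules) were added to their own rule set.
# Gateways (documentation addresses) and set numbers are constructed.
UPLINKS="1:192.0.2.1 2:198.51.100.1"   # ipfw_set:gateway_to_ping
IPFW=${IPFW:-ipfw}                      # IPFW="echo ipfw" gives a dry run
STATE=""                                # state last applied, e.g. "1:up 2:down"

# probe GATEWAY: succeeds if the gateway answers within 5 s (FreeBSD ping)
probe() {
    ping -c 3 -t 5 "$1" >/dev/null 2>&1
}

# current_state: prints "SET:up" or "SET:down" for every uplink
current_state() {
    out=""
    for u in $UPLINKS; do
        if probe "${u#*:}"; then out="$out ${u%%:*}:up"
        else out="$out ${u%%:*}:down"; fi
    done
    echo "${out# }"
}

# plan STATE: prints the "ipfw set" arguments for STATE; fails when every
# uplink is down, because there is nothing left to fail over to
plan() {
    en=""; dis=""
    for s in $1; do
        case $s in
            *:up)   en="$en ${s%%:*}" ;;
            *:down) dis="$dis ${s%%:*}" ;;
        esac
    done
    [ -n "$en" ] || return 1
    echo "set${dis:+ disable$dis} enable$en"
}

# apply_once: probes, and calls ipfw only when the state has changed
apply_once() {
    new=$(current_state)
    if [ "$new" = "$STATE" ]; then return 0; fi
    args=$(plan "$new") || { echo "all uplinks down, sets unchanged" >&2; return 0; }
    $IPFW $args && STATE=$new
}

# "sh uplink-monitor.sh run" loops forever; without "run" only defines functions
if [ "${1:-}" = "run" ]; then
    while :; do apply_once; sleep "${INTERVAL:-10}"; done
fi
```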