From: Nick Rogness <nick@rogness.net>
To: Leo Bicknell
Cc: freebsd-hackers@freebsd.org
Date: Sun, 5 Oct 2003 02:02:00 -0600 (MDT)
Subject: Re: Changing the NAT IP on demand?
Message-ID: <20031005014620.H45148-100000@skywalker.rogness.net>
In-Reply-To: <20031004235400.GA20943@ussenterprise.ufp.org>

On Sat, 4 Oct 2003, Leo Bicknell wrote:

> I'm considering options for a new project, and I think I've discovered
> what I think is the best idea, but I don't think current software
> supports the config. I'd like to get some confirmation, and comments on
> if it would be hard to implement.
>
> Consider:
>
>   ISP #1-------\
>                 \
>                  FreeBSD Box----LAN
>                 /
>   ISP #2-------/
>
> In this case the LAN would be 1918 space, the two ISPs would each
> provide a public IP for the FreeBSD box.
>
> Now, NAT would be required. What I want to do is write an external
> application to decide the performance of ISP #1 and ISP #2, and
> somehow tell NAT which outside address to use.
>
> That, by itself, is not hard. Here's the trick. I want the switch
> to be seamless. That is, if NAT is translating to ISP #1 and the
> application says switch to #2, the existing translations to #1 (until
> they go away naturally) should be kept, while new ones go to #2.
>
> The only ways I know to change the outside address seem to tear down
> all existing connections.
>
> Is it possible to make this work today? Would it be hard to fix if
> it doesn't work today?

This can simply not work without resetting connections. The socket pair
on the "outside" would break as your outside traffic switches from one
to the other (src/dst would change). There is no fix, as this breaks
basic IP principles.

A suggestion to make this kinda work would be to get a range that ISP#1
&& ISP#2 would both allow you to route in/out. Then you would have to
write some app that routes your traffic out either ISP, keeping the same
"outside" range.

So you get a range (or single IP), call it X.X.X.X. This is your
external (non-1918) address. When packets leave your FreeBSD machine
destined for the Internet, the source IP would be X.X.X.X. Since both
ISPs allow source IP X.X.X.X out, it is only a matter of determining
which ISP to send the traffic out to. This would be done by modifying
the routing table (or with fw forwarding of some sort). The inverse is
true with traffic inbound from the Internet to X.X.X.X.

However, if you are going to go through this type of trouble, you might
as well just route peer with the ISPs via BGP or whatnot.

Nick Rogness <nick@rogness.net>
- How many people here have telekinetic powers? Raise my hand.
  -Emo Philips
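The following is an added simulation, not code from this thread or from FreeBSD's natd/ipfw. It models the socket pair a remote host keys its connection on and compares the two designs discussed above: a NAT whose outside address is swapped to the other ISP, versus a fixed public address (the reply's X.X.X.X) where only the next-hop gateway changes. The `Gateway` class, the `flow_survives` check and every address (taken from documentation and benchmark ranges) are constructed for the example.

```python
"""Constructed simulation of the two designs discussed in the reply; not
FreeBSD natd/ipfw code. It follows one TCP flow through an ISP switch and
reports whether the remote end still sees the same socket pair afterwards."""
from dataclasses import dataclass, field

# All addresses are constructed from documentation/benchmark ranges.
LAN_HOST = "10.0.0.5"                        # RFC 1918 inside address
ISP1_ADDR, ISP1_GW = "198.51.100.10", "198.51.100.1"
ISP2_ADDR, ISP2_GW = "203.0.113.10", "203.0.113.1"
SHARED_ADDR = "192.0.2.10"                   # range both ISPs route: the reply's X.X.X.X
REMOTE = "198.18.0.50"                       # some host on the Internet


@dataclass
class Gateway:
    """Models the FreeBSD box: a NAT translation table plus a default route."""
    outside_addr: str
    gateway: str
    table: dict = field(default_factory=dict)   # (inside_ip, inside_port, remote) -> outside port
    next_port: int = 40000

    def send(self, inside_ip: str, inside_port: int, remote: str) -> tuple:
        """Translate one outbound packet; returns (src_ip, src_port, dst_ip, next_hop)."""
        key = (inside_ip, inside_port, remote)
        port = self.table.get(key)
        if port is None:                         # first packet: allocate a translation
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
        # The packet leaves with whatever outside address the box has right now.
        return (self.outside_addr, port, remote, self.gateway)


def socket_pair(pkt: tuple) -> tuple:
    """What the remote host keys its connection on: (src_ip, src_port, dst_ip)."""
    return pkt[:3]


def flow_survives(box: Gateway, switch) -> bool:
    """Open a flow, apply `switch` to the box, send another packet of the same
    flow, and report whether the remote still sees the same socket pair."""
    before = box.send(LAN_HOST, 51234, REMOTE)
    switch(box)
    after = box.send(LAN_HOST, 51234, REMOTE)
    return socket_pair(before) == socket_pair(after)


def swap_outside_address(box: Gateway) -> None:
    """Design (a): tell NAT to use ISP #2's public address (and its route)."""
    box.outside_addr = ISP2_ADDR
    box.gateway = ISP2_GW


def swap_gateway_only(box: Gateway) -> None:
    """Design (b): keep X.X.X.X as the source, only change the routing table."""
    box.gateway = ISP2_GW


def compare() -> dict:
    """Run both designs through the same ISP switch."""
    nat_box = Gateway(ISP1_ADDR, ISP1_GW)
    shared_box = Gateway(SHARED_ADDR, ISP1_GW)
    return {
        "swap_outside_address": flow_survives(nat_box, swap_outside_address),
        "swap_gateway_only": flow_survives(shared_box, swap_gateway_only),
    }


if __name__ == "__main__":
    for design, ok in compare().items():
        print(f"{design}: existing flow {'survives' if ok else 'breaks'}")
```

In design (a) the second packet of the established flow leaves with a different source address, so the remote host's socket pair no longer matches and the connection is reset; in design (b) only the next hop changes while the (src, port, dst) tuple is untouched, which is the property the reply relies on when it suggests a range both ISPs will route.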