From: Jon Simola
Sender: jsimola@gmail.com
Date: Wed, 25 Jan 2006 12:26:19 -0800
To: FreeBSD MailList
Cc: freebsd-net@freebsd.org
Subject: Re: Failover and load balancing using advanced NAT daemon
Message-ID: <8eea04080601251226g752113e4qe815fbb5de7648fb@mail.gmail.com>
In-Reply-To: <831122596.20060125184424@osk.com.ua>
List-Id: Networking and TCP/IP with FreeBSD

On 1/25/06, Oleg Tarasov wrote:
> First three functions would be great to be implemented inside one
> daemon like standard natd. Packets should be diverted into it. This
> daemon can easily perform all of the tasks listed above as all of the
> packets are passed through it.
>
> Using it in a combination with policy-routing would be a powerful
> mechanism!

You may want to check out PF, the packet filter imported from OpenBSD. I have it running on some large routers doing NAT out multiple interfaces, load balancing and policy routing. Careful use of anchors and some scripting (or ifstated which might be in ports) can move traffic off failed links or respond to changing loads.

I've done a lot with both ipfw and PF now, and I'm finding PF to be more flexible for my uses.

--
Jon Simola
Systems Administrator
ABC Communications
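
One way to script the anchor-based failover mentioned in the reply above, as an added example that is not part of the original message or Jon Simola's own configuration. The interface names, gateway addresses (documentation ranges) and the anchor name `uplinks` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original message. Interface names, gateway
# addresses and the anchor name are placeholders (assumptions).
# The main pf.conf is assumed to contain:
#   nat-anchor "uplinks"      (in the translation section)
#   anchor "uplinks"          (in the filter section)
ANCHOR="uplinks"
INT_IF="em0"                               # LAN-facing interface
LINKS="em1:192.0.2.1 em2:198.51.100.1"     # uplink "interface:gateway" pairs

# link_up GATEWAY: succeed if the gateway answers a single ping.
link_up() {
    ping -c 1 "$1" >/dev/null 2>&1
}

# gen_rules "if:gw ...": print the anchor ruleset for the links that are up.
# NAT rules come first, then one route-to rule spreading LAN traffic over
# the live uplinks. No live links yields an empty ruleset.
gen_rules() {
    pool=""
    count=0
    for link in $1; do
        ifn=${link%%:*}
        gw=${link#*:}
        echo "nat on $ifn from ${INT_IF}:network to any -> ($ifn)"
        pool="$pool${pool:+, }($ifn $gw)"
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then return 0; fi
    if [ "$count" -gt 1 ]; then pool="{ $pool } round-robin"; fi
    echo "pass in on $INT_IF route-to $pool from ${INT_IF}:network to any keep state"
}

# apply: probe every uplink and reload only the anchor, leaving the main
# ruleset untouched.
apply() {
    alive=""
    for link in $LINKS; do
        if link_up "${link#*:}"; then alive="$alive $link"; fi
    done
    gen_rules "$alive" | pfctl -a "$ANCHOR" -f -
}

# Run "sh thisfile apply" from cron or a link monitor to reload the anchor.
if [ "${1:-}" = "apply" ]; then apply; fi
```

Connections that already have state keep using the uplink they started on until that state expires or is flushed.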