From: Oleg Tarasov
To: Jon Simola
Cc: freebsd-net@freebsd.org
Date: Thu, 26 Jan 2006 12:25:24 +0200
Subject: Re: Failover and load balancing using advanced NAT daemon
Message-ID: <412777922.20060126122524@osk.com.ua>

Hello,

Jon Simola wrote:

> You may want to check out PF, the packet filter imported from OpenBSD.
> I have it running on some large routers doing NAT out multiple
> interfaces, load balancing and policy routing. Careful use of anchors
> and some scripting (or ifstated which might be in ports) can move
> traffic off failed links or respond to changing loads.

> I've done a lot with both ipfw and PF now, and I'm finding PF to be
> more flexible for my uses.

Thanks. I've looked through PF documentation and find it quite
interesting to use in these tasks. In combination with ifstated much can
be done.

I'm sorry for my incompetence in this case. I have always used ipfw for
packet processing and now find it a mistake not to have looked through
PF. As I can now say, ipfw is faster and easier to configure, but PF
contains more flexible mechanisms supporting aliasing address pools for
NAT and stateful routing.
The only visible problem I see is a lack of policy routing in the FreeBSD
routing system, which is used to create a session listener when the
packets' origin is the router itself (like tunnels) and packets can't be
passed through NAT to be routed to another interface different from
that in the routing table.

-- 
Best regards,
Oleg Tarasov
mailto:subscriber@osk.com.ua
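
The anchor-plus-scripting approach mentioned in the quoted reply, sketched as an added example that is not part of the original message or of anyone's production setup. Interface names, addresses and the anchor name "uplinks" are assumptions, and the main pf.conf is assumed to contain nat-anchor "uplinks" and anchor "uplinks".

```sh
#!/bin/sh
# Added example: regenerate a PF anchor from the uplinks that are still alive.
# Interface names, addresses and the anchor name are assumptions.
LAN_IF="em0"                 # assumed internal interface
LAN_NET="192.168.82.0/24"    # assumed internal network
ANCHOR="uplinks"             # assumed anchor name referenced from pf.conf
# Constructed sample uplinks, one "interface gateway" pair per line.
UPLINKS="em1 198.51.100.1
em2 203.0.113.1"

# True when the gateway answers a single ICMP echo.
gw_alive() {
    ping -c 1 "$1" </dev/null >/dev/null 2>&1
}

# Print the "interface gateway" pairs from $UPLINKS whose gateway is alive.
live_uplinks() {
    echo "$UPLINKS" | while read -r ifc gw; do
        if gw_alive "$gw"; then echo "$ifc $gw"; fi
    done
}

# build_rules "<if gw pairs>": print NAT rules first, then the route-to rule.
# Returns 1 and prints nothing when no uplink is given.
build_rules() {
    pool=""; count=0
    while read -r ifc gw; do
        [ -n "$ifc" ] || continue
        echo "nat on $ifc from $LAN_NET to any -> ($ifc)"
        pool="${pool:+$pool, }($ifc $gw)"
        count=$((count + 1))
    done <<EOF
$1
EOF
    [ "$count" -gt 0 ] || return 1
    if [ "$count" -gt 1 ]; then
        echo "pass in on $LAN_IF route-to { $pool } round-robin from $LAN_NET to any keep state"
    else
        echo "pass in on $LAN_IF route-to $pool from $LAN_NET to any keep state"
    fi
}

# Reload the anchor only when at least one uplink is alive,
# so a total probe failure never flushes the existing rules.
apply_rules() {
    rules=$(build_rules "$(live_uplinks)") || return 1
    echo "$rules" | pfctl -a "$ANCHOR" -f -
}
```

apply_rules is meant to be called as root from cron or from an ifstated state change; nothing runs when the file is only sourced.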