Date:      Thu, 26 Jan 2006 12:25:24 +0200
From:      Oleg Tarasov <subscriber@osk.com.ua>
To:        Jon Simola <jon@abccomm.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Failover and load balancing using advanced NAT daemon
Message-ID:  <412777922.20060126122524@osk.com.ua>
In-Reply-To: <8eea04080601251226g752113e4qe815fbb5de7648fb@mail.gmail.com>
References:  <831122596.20060125184424@osk.com.ua> <8eea04080601251226g752113e4qe815fbb5de7648fb@mail.gmail.com>

Hello,

Jon Simola <jon@abccomm.com> wrote:

> You may want to check out PF, the packet filter imported from OpenBSD.
> I have it running on some large routers doing NAT out multiple
> interfaces, load balancing and policy routing. Careful use of anchors
> and some scripting (or ifstated which might be in ports) can move
> traffic off failed links or respond to changing loads.

> I've done a lot with both ipfw and PF now, and I'm finding PF to be
> more flexible for my uses.

Thanks. I've looked through the PF documentation and find it quite
interesting to use in these tasks. In combination with ifstated much
can be done.

I'm sorry for my incompetence in this case. I have always used ipfw
for packet processing and now find it was a mistake not to look through PF.
As I can now say, ipfw is faster and easier to configure, but PF
contains more flexible mechanisms supporting aliasing address pools
for NAT and stateful routing.

The only visible problem I see is a lack of policy routing in the FreeBSD
routing system which is used to create a session listener when the packets'
origin is a router itself (like tunnels) and packets can't be passed
through NAT to be routed to another interface different from that in
the routing table.

-- 
Best regards,
 Oleg Tarasov                          mailto:subscriber@osk.com.ua



