From owner-freebsd-hackers  Mon Jun 14 16:55:14 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP id 78E701500B
	for <hackers@FreeBSD.ORG>; Mon, 14 Jun 1999 16:55:11 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT]))
	id QAA01486; Mon, 14 Jun 1999 16:54:30 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id QAA17633; Mon, 14 Jun 1999 16:54:30 -0700
Received: from softweyr.com (dyn0.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
	id AA25002; Mon, 14 Jun 99 16:54:13 PDT
Message-Id: <37659624.3A6B8F9C@softweyr.com>
Date: Mon, 14 Jun 1999 17:54:12 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: star@iwl.net
Cc: hackers@FreeBSD.ORG
Subject: Re: NAT Gateway to multiple ISPs
References: <199906141306.IAA12874@star1.iwl.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

star@iwl.net wrote:
> 
> Any ideas on the following ?
> 
>   I am setting up a home/office network with NAT filtering gateway
>    on a dual-NIC FreeBSD 3.2 box.  No problem so far - I've set
>    up several like this on 2.2.8 using natd.
> 
>   The new wrinkle is this:  I need to connect to two ISPs
>    (DSL & Cable Modem), ideally with automatic failover and
>    load balancing when multiple internal PC's are generating
>    internet traffic.
> 
>   I know that this requires running gated (or routed) to
>    receive RIP or OSPF messages from the ISPs, and to select the
>    best outgoing ISP's route.
> 
>   The key question is: while the routing program probably
>    requires a third NIC so that each external link has its own
>    device, how can natd handle multiple external internet
>    interfaces.

You could certainly (and easily) do it with *two* FreeBSD boxes:

                 +----------+      +----------+
	Cable -->|  Router  |      | Firewall |
                 |  Gated+  |<---->|  natd+   |<-- internal network
	  DSL -->| FreeBSD  |      | FreeBSD  |
                 +----------+      +----------+

I'm not sure it is possible to virtualize the connection between the
"router" and "firewall" above.  Perhaps with a clever (ab)use of the
bridging code.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message