From owner-freebsd-net@FreeBSD.ORG Tue Aug 13 12:46:48 2013
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 98A463A5 for ; Tue, 13 Aug 2013 12:46:48 +0000 (UTC) (envelope-from dhartmei@insomnia.benzedrine.cx)
Received: from insomnia.benzedrine.cx (cust.static.213-3-30-106.swisscomdata.ch [213.3.30.106]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 139672418 for ; Tue, 13 Aug 2013 12:46:47 +0000 (UTC)
Received: from insomnia.benzedrine.cx (localhost [127.0.0.1]) by insomnia.benzedrine.cx (8.14.6/8.14.5) with ESMTP id r7DCfrWt010815 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 13 Aug 2013 14:41:53 +0200 (MEST)
Received: (from dhartmei@localhost) by insomnia.benzedrine.cx (8.14.6/8.14.5/Submit) id r7DCfr7U016961; Tue, 13 Aug 2013 14:41:53 +0200 (MEST)
Date: Tue, 13 Aug 2013 14:41:53 +0200
From: Daniel Hartmeier
To: "artem@artem.ru"
Subject: Re: Different providers for different nat clients
Message-ID: <20130813124153.GA16266@insomnia.benzedrine.cx>
References: <520A2279.6050600@artem.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <520A2279.6050600@artem.ru>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
X-List-Received-Date: Tue, 13 Aug 2013 12:46:48 -0000

On Tue, Aug 13, 2013 at 04:11:37PM +0400, artem@artem.ru wrote:

> There is a router with 3 interfaces:
>
> IF1: PROVIDER A
> IF2: PROVIDER B
> IF3: LAN
>
> Clients served via NAT. There are about 15 clients.
>
> Now, what I need to do:
>
> By default all traffic from all clients goes to PROVIDER A via IF1.
> But, if total incoming traffic for any particular client becomes
> over X Mb then that client, and only that client, must be switched to
> PROVIDER B. The switch must be automatic and must not use any software
> on the client side.
> While I know how to count traffic, I don't understand how to route
> external traffic to/from NAT clients on a particular external
> interface.
>
> Any idea how it is done?

This is called source-based routing, and at least pf and ipfw support it.

Using pf it could look like

  table <overquota>
  nat on IF1 from !IF1 -> IF1
  nat on IF2 from !IF2 -> IF2
  pass in on IF3 route-to (IF2 GW2) from <overquota>

with the default route going through IF1 to GW1.

To add a client to the table, use

  pfctl -t overquota -Ta 192.168.2.3

Subsequent new connections will go out through the second provider.
Existing prior connections will continue to go through the first
provider, unless you explicitly remove the sessions, as in

  pfctl -k 192.168.2.3

Daniel
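The "automatic" part of the question, i.e. turning per-client traffic counts into the two pfctl commands from Daniel's reply, as an added example that is not part of the original post. It assumes the table is named overquota as above, that QUOTA_MB is the "X Mb" from the question, and that the accounting step (which the poster says he already has) produces lines of the form "client-ip bytes"; the sample data below is constructed.

```shell
#!/bin/sh
# Added example: pick NAT clients whose incoming byte count exceeds the quota
# and emit the pfctl commands that move them to the <overquota> table and
# kill their existing states, so their new connections leave via IF2.
# Assumptions: table name "overquota" (from the post), QUOTA_MB = "X Mb",
# accounting input on stdin as "ip bytes" lines (hypothetical format).

QUOTA_MB=${QUOTA_MB:-500}
TABLE=overquota

# over_quota: read "ip bytes" lines on stdin, print the IPs above the quota.
over_quota() {
    awk -v limit="$((QUOTA_MB * 1024 * 1024))" '
        NF == 2 && $2 + 0 > limit { print $1 }'
}

# pfctl_cmds: for each IP on stdin, print the add-to-table and kill-states
# commands exactly as given in the reply (printed, not executed, so the
# output can be reviewed or piped to sh).
pfctl_cmds() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        printf 'pfctl -t %s -Ta %s\n' "$TABLE" "$ip"
        printf 'pfctl -k %s\n' "$ip"
    done
}

# reset_cmd: command to empty the table at the start of a new quota period,
# returning all clients to provider A.
reset_cmd() {
    printf 'pfctl -t %s -T flush\n' "$TABLE"
}

# Constructed sample accounting data: 100 MB, 700 MB and 0 bytes.
SAMPLE='192.168.2.2 104857600
192.168.2.3 734003200
192.168.2.4 0'

# plan: run the pipeline over the sample; pipe the result to sh to apply it.
plan() {
    printf '%s\n' "$SAMPLE" | over_quota | pfctl_cmds
}
```

With real data, replace SAMPLE by the output of the accounting tool and run the plan through sh from cron; only 192.168.2.3 is over the 500 MB default here.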