From owner-freebsd-questions@FreeBSD.ORG Mon Dec 21 18:56:56 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFDDD1065696 for ; Mon, 21 Dec 2009 18:56:56 +0000 (UTC) (envelope-from nvass9573@gmx.com) Received: from mailout-eu.gmx.com (mailout-eu.gmx.com [213.165.64.42]) by mx1.freebsd.org (Postfix) with SMTP id 412028FC18 for ; Mon, 21 Dec 2009 18:56:56 +0000 (UTC) Received: (qmail invoked by alias); 21 Dec 2009 18:56:54 -0000 Received: from adsl-236.79.107.74.tellas.gr (EHLO [192.168.73.101]) [79.107.74.236] by mail.gmx.com (mp-eu003) with SMTP; 21 Dec 2009 19:56:54 +0100 X-Authenticated: #46156728 X-Provags-ID: V01U2FsdGVkX1+NbOpZzRGNELXRA7ZA4rZ06Sg7WvQ7JkDiBbC94E R+ZmjdXDfQvuh6 Message-ID: <4B2FC4CB.2040409@gmx.com> Date: Mon, 21 Dec 2009 20:56:11 +0200 From: Nikos Vassiliadis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 MIME-Version: 1.0 To: Mel Flynn References: <200912201903.34873.mel.flynn+fbsd.questions@mailing.thruhere.net> In-Reply-To: <200912201903.34873.mel.flynn+fbsd.questions@mailing.thruhere.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Y-GMX-Trusted: 0 X-FuHaFi: 0.64 Cc: freebsd-questions@freebsd.org Subject: Re: Loadbalance outgoing traffic over two cable modems in same network X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Dec 2009 18:56:57 -0000 On 12/21/2009 6:03 AM, Mel Flynn wrote: > Hi, > > I've looked over http://www.openbsd.org/faq/pf/pools.html but this assumes two > different gateways for the two interfaces. > I'm faced with two cable modems from the same ISP, with the same gateway. I > can't lagg(4) the interfaces, since specific IP's are bound to specific > modems. This can probably be fixed from the ISP side. It should probably be some antispoofing rule that drops the packets you are sending via the "wrong" interface. You could try communicating the problem to the ISP and hope for the best... > So I'm wondering if using stick-address with a round-robin nat pool is really > sufficient to do load balancing of outgoing traffic and not get into session > problems with various protocols. Has anybody had similar experiences? I have no experience on this, but theoretically a state can expire while the upper layers are still active... so, I *think* you may have problems... Of course, you could increase the lifetime of states A few, mostly random thoughts, Nikos