From owner-freebsd-questions@FreeBSD.ORG  Tue Aug 14 00:19:37 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1DB7A16A419
	for <freebsd-questions@freebsd.org>;
	Tue, 14 Aug 2007 00:19:37 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from mail-out3.apple.com (mail-out3.apple.com [17.254.13.22])
	by mx1.freebsd.org (Postfix) with ESMTP id 01ED913C468
	for <freebsd-questions@freebsd.org>;
	Tue, 14 Aug 2007 00:19:36 +0000 (UTC) (envelope-from cswiger@mac.com)
Received: from relay7.apple.com (relay7.apple.com [17.128.113.37])
	by mail-out3.apple.com (Postfix) with ESMTP id 8C026E6ADA8;
	Mon, 13 Aug 2007 17:19:36 -0700 (PDT)
Received: from relay7.apple.com (unknown [127.0.0.1])
	by relay7.apple.com (Symantec Mail Security) with ESMTP id 754DF30076; 
	Mon, 13 Aug 2007 17:19:36 -0700 (PDT)
X-AuditID: 11807125-a2a1fbb0000007e5-72-46c0f5183ad0
Received: from [17.214.13.96] (cswiger1.apple.com [17.214.13.96])
	(using TLSv1 with cipher AES128-SHA (128/128 bits))
	(No client certificate requested)
	by relay7.apple.com (Apple SCV relay) with ESMTP id 62A463006A;
	Mon, 13 Aug 2007 17:19:36 -0700 (PDT)
In-Reply-To: <64c038660708131659m68620db9of8d93bd079d1fb29@mail.gmail.com>
References: <64c038660708131659m68620db9of8d93bd079d1fb29@mail.gmail.com>
Mime-Version: 1.0 (Apple Message framework v752.2)
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
Message-Id: <5F59BCBE-FCEA-4D2A-8A69-E0CE9B3A86A0@mac.com>
Content-Transfer-Encoding: 7bit
From: Chuck Swiger <cswiger@mac.com>
Date: Mon, 13 Aug 2007 17:19:35 -0700
To: Modulok <modulok@gmail.com>
X-Mailer: Apple Mail (2.752.2)
X-Brightmail-Tracker: AAAAAA==
Cc: freebsd-questions@freebsd.org
Subject: Re: Redundant network router setup?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Aug 2007 00:19:37 -0000

On Aug 13, 2007, at 4:59 PM, Modulok wrote:
> QUESTION: Is there a way to setup a redundant router, such that I can
> offload traffic from the primary router to another machine, without
> breaking TCP sessions?

There are several ways of setting up such redundancy; the common case  
which Cisco calls VRRP, you can use under FreeBSD as CARP.  However,  
this approach is limited to pure routing; it does not handle  
replicating the NAT state tables:

> BACKGROUND: I have a FreeBSD machine acting as a gateway, running
> natd(8) through ipfw(8).

...which you mention you are using.  I don't know of any way to  
provide redundancy for existing connections going via natd.

-- 
-Chuck