Date: Tue, 7 Jan 2020 00:11:20 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Daniel Morandini <danielmorandini@me.com>, freebsd-net@freebsd.org
Subject: Re: lagg interface
Message-ID: <ca223e8c-cb51-d06d-73c3-8026edaaa54f@grosbein.net>
In-Reply-To: <a58529b2-25b0-3e38-9daf-10b901f157f1@grosbein.net>
References: <19FC0FD7-A2C4-442A-BCB2-0CF8D0726EA1@me.com> <a58529b2-25b0-3e38-9daf-10b901f157f1@grosbein.net>

06.01.2020 22:46, Eugene Grosbein wrote:

> So, you need L3 traffic sharing. One example is using ipfw tables.
> For N external links (phones) you'd need (N-1) tables, one table for a link excluding first one.
> With two links, you need only one table listing clients using second link:
>
> lan="10.0.0.0/8,192.168.0.0/16"
> ipfw disable one_pass
> ipfw table 1 add 10.0.10.200 # a client using second link
> ipfw table 1 add 192.168.0.5 # another client for second link
>
> # translate incoming traffic
> ipfw delete 50
> ipfw add 50 nat 123 ip from any to any in recv ipheth0
> ipfw add 50 nat 123 ip from any to any in recv ipheth1

Correction: latest rule should use "nat 124" instead of "nat 123"
assuming there are two NAT instances configured each for its own link:
nat 123 for ipheth0, nat 124 for ipheth1.

> # insert your filtering rules between 50 and 50000
>
> # translate and forward outgoing traffic
> # clients of second link processed later with rules 50110 etc.
> ipfw add 50000 skipto 50110 ip from not 'table(1)' to not $lan out
>
> # other clients not mentioned in the table are NAT-ed and forwarded here
> ipfw add 50010 nat 123 ip from $lan to not $lan out
> ipfw add 50020 fwd $gw1 ip from $nat123_extip to any out
>
> # clients using second link are NAT-ed and forwarded here
> ipfw add 50110 nat 124 ip from $lan to not $lan out
> ipfw add 50120 fwd $gw2 ip from $nat124_extip to any out
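
Added example, not part of the original message: a small sh/awk check for the mistake corrected above, where inbound rules for two different receiving interfaces point at the same NAT instance. The function name check_nat_per_link and the two sample rule sets are constructed for illustration; the check only reads rule text and never calls ipfw.

```shell
#!/bin/sh
# Reads ipfw command lines on stdin and prints one line for every NAT
# instance that is bound to more than one "recv" interface.
# Exit status is 1 if any such instance was found, 0 otherwise.
check_nat_per_link() {
    awk '
    {
        nat = ""; ifc = ""
        for (i = 1; i < NF; i++) {
            if ($i == "#") break                 # ignore trailing comments
            if ($i == "nat")  nat = $(i + 1)     # NAT instance number
            if ($i == "recv") ifc = $(i + 1)     # receiving interface
        }
        if (nat == "" || ifc == "") next         # not an inbound NAT rule
        if ((nat, ifc) in seen) next             # same pair listed twice
        seen[nat, ifc] = 1
        if (nat in ifaces) {
            ifaces[nat] = ifaces[nat] "," ifc
        } else {
            order[++n] = nat                     # keep first-seen order
            ifaces[nat] = ifc
        }
        count[nat]++
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++)
            if (count[order[k]] > 1) {
                printf "nat %s shared by %s\n", order[k], ifaces[order[k]]
                bad = 1
            }
        exit bad
    }'
}

# Constructed input: rule 50 as first posted ...
as_posted() {
    echo 'ipfw add 50 nat 123 ip from any to any in recv ipheth0'
    echo 'ipfw add 50 nat 123 ip from any to any in recv ipheth1'
}
# ... and with the correction applied (nat 124 for ipheth1).
as_corrected() {
    echo 'ipfw add 50 nat 123 ip from any to any in recv ipheth0'
    echo 'ipfw add 50 nat 124 ip from any to any in recv ipheth1'
}

as_posted    | check_nat_per_link || echo "fix the rules before loading them"
as_corrected | check_nat_per_link && echo "one NAT instance per link"
```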