From: Oleg Tarasov
Date: Wed, 25 Jan 2006 18:44:24 +0200
To: freebsd-net@FreeBSD.org
Subject: Failover and load balancing using advanced NAT daemon
Message-ID: <831122596.20060125184424@osk.com.ua>

Hello,

I have an idea for implementing this common task. Please tell me if there is some alternative, or use my idea to implement an advanced NAT daemon (this would be great). Maybe it would be good to upgrade the standard natd daemon.

The task: We have several interfaces connected to the Internet, all having static IPs, and one (or more) interfaces to the local network. We must provide NATed Internet access to local network users, load-balancing the Internet interfaces and providing failover. All sessions have to "remember" their outgoing interface, as a session will break if its packets start to come from different IPs.

A way to perform this:

- We need to monitor interface state (something simple like up/down, or more complex like a periodic gateway ping, for example).
- We need to measure interface load.
- We need NAT that aliases outgoing connections to one of these interfaces.
- We need to route outgoing packets based on the source IP assigned by NAT. This can be performed using the ipfw forward mechanism.

It would be great for the first three functions to be implemented inside one daemon, like the standard natd. Packets should be diverted into it. This daemon can easily perform all of the tasks listed above, as all of the packets are passed through it. Using it in combination with policy routing would be a powerful mechanism!

-- 
Best regards,
Oleg Tarasov mailto:subscriber@osk.com.ua
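
The uplink-selection core of the daemon proposed above, as an added sketch that is not part of the original message and not natd code. All names (`route_packet`, `set_link_state`), the byte counter used as the load metric, the fixed-size table, and the choice to rebind a session when its uplink goes down are assumptions; the addresses in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define NUPLINKS 2   /* assumed: two Internet-facing interfaces */
#define NFLOWS   64  /* assumed: small fixed session table */

struct uplink { int up; uint64_t bytes; };           /* state + crude load counter */
struct flow { uint32_t src, dst; uint16_t sport, dport; int uplink, used; };
static struct uplink uplinks[NUPLINKS];
static struct flow flows[NFLOWS];

/* Health monitor hook (link state or gateway ping result). */
void set_link_state(int i, int up) { uplinks[i].up = up; }

/* Least-loaded uplink that is up, or -1 if all are down. */
static int pick_uplink(void) {
    int best = -1;
    for (int i = 0; i < NUPLINKS; i++)
        if (uplinks[i].up && (best < 0 || uplinks[i].bytes < uplinks[best].bytes))
            best = i;
    return best;
}

/* Uplink index for one outgoing packet, or -1 to drop it. */
int route_packet(uint32_t src, uint16_t sport, uint32_t dst, uint16_t dport, uint32_t len) {
    struct flow *f = NULL, *slot = NULL;
    for (int i = 0; i < NFLOWS && !f; i++) {
        struct flow *c = &flows[i];
        if (!c->used) { if (!slot) slot = c; }
        else if (c->src == src && c->dst == dst && c->sport == sport && c->dport == dport)
            f = c;                                   /* existing session: stay sticky */
    }
    if (f && !uplinks[f->uplink].up) { f->used = 0; slot = f; f = NULL; } /* failover */
    if (!f) {
        int u = pick_uplink();
        if (u < 0 || !slot) return -1;               /* no live uplink or table full */
        f = slot;
        *f = (struct flow){ src, dst, sport, dport, u, 1 };
    }
    uplinks[f->uplink].bytes += len;
    return f->uplink;
}

int main(void) {
    set_link_state(0, 1); set_link_state(1, 1);
    printf("flow A -> uplink %d\n", route_packet(0x0a000002, 40000, 0x08080808, 80, 1500));
    printf("flow B -> uplink %d\n", route_packet(0x0a000003, 40001, 0x08080808, 80, 100));
    set_link_state(0, 0);                            /* uplink 0 fails */
    printf("flow A -> uplink %d\n", route_packet(0x0a000002, 40000, 0x08080808, 80, 1500));
    return 0;
}
```

The returned index is what the NAT step would use to pick the alias address, after which a source-based ipfw forward rule sends the packet to the matching gateway.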