Date:      Sat, 14 Jun 2014 17:25:41 +0200
From:      "no@spam@mgedv.net" <nospam@mgedv.net>
To:        freebsd-questions@freebsd.org
Subject:   BSD as routing device for 2 ISPs
Message-ID:  <539C6975.3040404@mgedv.net>

hi,

although i had a look at pfsense, openbgpd, setfib(1) ideas and such,
googlin' around and discussing with nw-admins for hours, i still don't
really see a clear path for setting up a proper solution which is not
sort of "tinkering" but still based on free OS's.

situation:
we have 2 independent ISPs, each running its own router/ext-ip-block.
e.g. ISP A: IP 1.1.1.10-1.1.1.20, ISP B: IP 2.2.2.50-2.2.2.60.

goal 1: inside->outside:
- NAT and spread traffic load-based across ISPs to use both wires
- switch to "living" ISP in case the other goes down
(losing active connections is ok and will of course happen)
- have 1 smart default gateway for all internal devices
(no use gw A for boxes A...N solutions... as they need to switch)

goal 2: outside->inside:
- NAT different external IPs to the SAME service inside
(eg. smtp: NAT 1.1.1.11:25 and 2.2.2.51:25 to 192.168.10.10:25)
- allow connecting to the same service via different routes simultaneously
eg: ssh from 8.8.8.8->1.1.1.12:22
while ssh from 9.9.9.9->2.2.2.12:22,
both end up NAT'd at 192.168.10.20:22.

goal 3: firewalling:
either this box is the firewall, or any other idea welcome.
(currently, there's a separate hw-firewall running which does NAT, too)

NOT a goal:
- switch over ("HA") of external services, this of course will only
work out if we have our own ASN's, which is (& will be) not the case.

oh, and the box will be run as virtual machine's guest OS.

any preferences on what to end up with?


