Date:      Mon, 6 Oct 2003 09:43:46 -0400
From:      Leo Bicknell <bicknell@ufp.org>
To:        freebsd-hackers@freebsd.org
Subject:   Re: Changing the NAT IP on demand?
Message-ID:  <20031006134346.GA84944@ussenterprise.ufp.org>
In-Reply-To: <20031006132857.GA71659@comp.chem.msu.su> <20031005193343.F47183-100000@skywalker.rogness.net>
References:  <20031004235400.GA20943@ussenterprise.ufp.org> <20031006132857.GA71659@comp.chem.msu.su> <200310051343.01251.wes@softweyr.com> <20031005193343.F47183-100000@skywalker.rogness.net>

In a message written on Sun, Oct 05, 2003 at 08:11:05PM -0600, Nick Rogness wrote:
> 	In addition to keeping your NAT translations (as suggested by
> 	Wes), you need to also keep routes for those entries as well, so
> 	that preserved traffic remains to route out the right ISP even if
> 	a switch occurs.

You're right, however I would go with a different mechanism, but one
I've also never tried to do.  What you want is routing based on the
source address of the packet, not the destination as per usual.  You
want to be able to say "source a.a.a.a goes out link A".  I've never
tried to do it on FreeBSD (it's easy on say Cisco's, with a bit of a
performance hit on some platforms).

In a message written on Mon, Oct 06, 2003 at 05:28:57PM +0400, Yar Tikhiy wrote:
> Just a random thought: If natd(8) were taught to change its default
> alias address on the fly (it's just a single variable,) then the
> desired effect would be achieved exactly.  That's because any session
> already having its own entry in natd's aliasing table would use its
> old alias address kept in the entry.  BTW, one could switch between
> even more than 2 external connections in that manner.  And that's
> just a step away from session-aware load-balancing with natd(8).

That's exactly what I was thinking, and more or less why I asked.

Note, I think this configuration would be useful in a lot of other
applications as well.  Consider someone who can get, say, a 128k
symmetric DSL line, and a 56k up 1M down satellite link.  If using
this "trick" you could direct latency sensitive (ssh, telnet, ntp)
traffic over the DSL line, and send bulk data (http, ftp) over the
satellite link that could be quite useful.

I think I'm going to have to set up a lab box now and dig into this
at a deeper level.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
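
The behaviour discussed in this message (sessions already in the aliasing table keep their old alias address while new sessions pick up a changed default) can be sketched as a toy model. This is an added example, not code from the message, from natd(8) or from libalias; the function names, table size and addresses are all assumptions made for illustration.

```c
/* Toy NAT aliasing table. Not natd/libalias code; names are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
#define MAX_SESSIONS 64

struct session {                 /* one aliasing-table entry */
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint32_t alias_ip;           /* external address, fixed at creation */
    int in_use;
};

static struct session table[MAX_SESSIONS];
static uint32_t default_alias;   /* the "single variable" changed on the fly */

void set_default_alias(uint32_t ip) { default_alias = ip; }

/* Alias address for an outbound packet, or 0 if the table is full. */
uint32_t alias_for(uint32_t src_ip, uint16_t src_port,
                   uint32_t dst_ip, uint16_t dst_port)
{
    struct session *slot = NULL;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        struct session *s = &table[i];
        if (!s->in_use) {
            if (slot == NULL)
                slot = s;        /* remember the first free entry */
        } else if (s->src_ip == src_ip && s->src_port == src_port &&
                   s->dst_ip == dst_ip && s->dst_port == dst_port) {
            return s->alias_ip;  /* existing session keeps its old alias */
        }
    }
    if (slot == NULL)
        return 0;
    *slot = (struct session){ src_ip, dst_ip, src_port, dst_port,
                              default_alias, 1 };
    return slot->alias_ip;       /* new session gets the current default */
}

int main(void)
{
    /* Constructed addresses: inside host, remote peer, two external links. */
    uint32_t host = IP(10, 0, 0, 5), peer = IP(203, 0, 113, 9);
    set_default_alias(IP(192, 0, 2, 1));            /* link A */
    uint32_t before = alias_for(host, 40000, peer, 22);
    set_default_alias(IP(198, 51, 100, 1));         /* switch to link B */
    printf("old session sticky: %d\n", alias_for(host, 40000, peer, 22) == before);
    printf("new session on B:   %d\n", alias_for(host, 40001, peer, 80) == IP(198, 51, 100, 1));
}
```

The model covers only alias selection; as the quoted reply from Nick Rogness points out, the preserved sessions also need their packets routed out the matching link.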
