From: Chuck Swiger
Date: Fri, 22 Jan 2010 12:42:54 -0800
To: Chris Peiffer
Cc: freebsd-questions@freebsd.org
Subject: Re: ISO simple non-forking TCP connection forward/balance tool
Message-id: <59B84842-615C-4152-9BD7-F982923EA9FE@mac.com>
In-reply-to: <20100122200138.GA19469@cabstand.com>

Hi--

On Jan 22, 2010, at 12:01 PM, Chris Peiffer wrote:
> Or is there a good way to do it in the kernel that I'm missing, and
> can someone direct me to an ipnat ruleset that creates new
> connections, so the TCP forwarding machine doesn't also need to be a
> router?
I don't know about ipnat, but natd (or kernel-level IPFW NAT functionality in
newer versions of FreeBSD) redirect_port will do exactly what you've asked for:

     -redirect_port proto targetIP:targetPORT[,targetIP:targetPORT[,...]]
             [aliasIP:]aliasPORT [remoteIP[:remotePORT]]
     -redirect_address localIP[,localIP[,...]] publicIP

             These forms of -redirect_port and -redirect_address are used to
             transparently offload network load on a single server and
             distribute the load across a pool of servers.  This function is
             known as LSNAT (RFC 2391).  For example, the argument

                   tcp www1:http,www2:http,www3:http www:http

             means that incoming HTTP requests for host www will be
             transparently redirected to one of the www1, www2 or www3, where
             a host is selected simply on a round-robin basis, without regard
             to load on the net.

(Userland natd doesn't need to fork for individual connections.)

Regards,
-- 
-Chuck
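For comparison with the natd approach above, here is an added example (not part of this thread and not natd's code) of the other thing the question asked for: a userland, non-forking TCP forwarder in Python/asyncio that hands each new session to the next backend in the same plain round-robin order as natd's redirect_port. Because it proxies at the TCP layer rather than rewriting packets, the forwarding host needs no IP forwarding, but backends see the forwarder's address as the client and, as with natd, a backend that is down simply costs that one connection; the www1/www2/www3 backends and localhost ports used by demo() are constructed stand-ins.

```python
import asyncio
import itertools

async def _pump(reader, writer):
    """Copy bytes one way until EOF, then half-close the far side so it sees EOF too."""
    while data := await reader.read(65536):
        writer.write(data)
        await writer.drain()
    writer.write_eof()

def make_forwarder(backends):
    """Return a handler that gives each new TCP session to the next backend in turn."""
    rr = itertools.cycle(backends)  # plain round-robin, like natd redirect_port: no load awareness
    async def handle(client_r, client_w):
        host, port = next(rr)
        try:
            back_r, back_w = await asyncio.open_connection(host, port)
        except OSError:
            client_w.close()  # backend down: this session fails; nothing re-routes it
            return
        try:
            await asyncio.gather(_pump(client_r, back_w), _pump(back_r, client_w))
        finally:
            client_w.close()
            back_w.close()
    return handle

async def _name_server(name, reader, writer):
    # Constructed stand-in for www1/www2/www3: answer with our name and hang up.
    writer.write(name.encode() + b"\n")
    await writer.drain()
    writer.close()

async def _demo(n_conns):
    backends = []
    for name in ("www1", "www2", "www3"):
        srv = await asyncio.start_server(
            lambda r, w, n=name: _name_server(n, r, w), "127.0.0.1", 0)
        backends.append(("127.0.0.1", srv.sockets[0].getsockname()[1]))
    fwd = await asyncio.start_server(make_forwarder(backends), "127.0.0.1", 0)
    answers = []
    for _ in range(n_conns):
        r, w = await asyncio.open_connection("127.0.0.1", fwd.sockets[0].getsockname()[1])
        answers.append((await r.readline()).decode().strip())
        w.close()
    fwd.close()
    return answers

def demo(n_conns=6):  # run n_conns sessions through the forwarder; report who served each
    return asyncio.run(_demo(n_conns))
```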