Changing the NAT IP on demand?

Don Bowman don at sandvine.com
Sun Oct 5 08:47:09 PDT 2003


From: Leo Bicknell [mailto:bicknell at ufp.org]
> 
> I'm considering options for a new project, and I think I've discovered
> what I think is the best idea, but I don't think current software
> supports the config.  I'd like to get some confirmation, and comments on
> if it would be hard to implement.
> 
> Consider:
> 
> 
> ISP #1-------\
>               \
>               FreeBSD Box----LAN
>               /
> ISP #2-------/
> 
> In this case the LAN would be 1918 space, the two ISPs would each
> provide a public IP for the FreeBSD box.
> 
> Now, NAT would be required.  What I want to do is write an external
> application to decide the performance of ISP #1 and ISP #2, and
> somehow tell NAT which outside address to use.
> 
> That, by itself, is not hard.  Here's the trick.  I want the switch
> to be seamless.  That is, if NAT is translating to ISP #1 and the
> application says switch to #2 the existing translations to #1 (until
> they go away naturally) should be kept, while new ones go to #2.
> 
> The only ways I know to change the outside address seem to tear down
> all existing connections.
> 
> Is it possible to make this work today?  Would it be hard to fix if 
> it doesn't work today?

I wonder if ipfw stateful rules can be used to keep sessions bound
to the same instance of natd, thus keeping the same external address
for the duration of the layer-4 session?
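
The behaviour asked for in the thread (new translations follow the currently preferred ISP, established ones keep their original outside address until they expire), as an added Python model that is not part of the original posts and is not natd or ipfw code. The class name, the documentation-range addresses, the port allocator and the idle timeout are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FlowPinnedNat:
    """Toy NAT table: the outside address is chosen once per flow and then pinned."""
    outside_ips: dict            # uplink name -> public IP (constructed sample values)
    active: str                  # uplink used for NEW translations only
    idle_timeout: float = 300.0  # seconds before an idle translation is dropped (assumed)
    table: dict = field(default_factory=dict)  # 5-tuple -> [uplink, outside_port, last_seen]
    next_port: int = 20000       # naive allocator; a real NAT tracks ports per outside IP

    def switch(self, uplink):
        """Change the uplink for future flows; existing entries are left untouched."""
        if uplink not in self.outside_ips:
            raise KeyError(uplink)
        self.active = uplink

    def expire(self, now):
        """Drop translations idle longer than idle_timeout ("go away naturally")."""
        for flow in [f for f, e in self.table.items() if now - e[2] > self.idle_timeout]:
            del self.table[flow]

    def translate(self, flow, now):
        """Return (outside_ip, outside_port) for an outbound packet of `flow`."""
        self.expire(now)
        entry = self.table.get(flow)
        if entry is None:        # first packet of the flow: bind to the active uplink
            entry = self.table[flow] = [self.active, self.next_port, now]
            self.next_port += 1
        entry[2] = now           # refresh the idle timer
        return self.outside_ips[entry[0]], entry[1]

def demo():
    nat = FlowPinnedNat({"isp1": "192.0.2.1", "isp2": "198.51.100.1"}, active="isp1")
    a = ("tcp", "10.0.0.5", 40000, "203.0.113.9", 80)
    b = ("tcp", "10.0.0.6", 40001, "203.0.113.9", 443)
    first = nat.translate(a, now=0)        # flow a created while isp1 is active
    nat.switch("isp2")                     # monitoring application prefers isp2
    pinned = nat.translate(a, now=10)      # a keeps its isp1 translation
    fresh = nat.translate(b, now=10)       # new flow b is bound to isp2
    reborn = nat.translate(a, now=400)     # a idled out, so it is recreated on isp2
    return first, pinned, fresh, reborn

if __name__ == "__main__":
    print(demo())
```

The model covers only the outbound address choice; return traffic for a pinned flow still has to arrive and leave through the uplink that owns its outside address.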


