Changing the NAT IP on demand?
Don Bowman
don at sandvine.com
Sun Oct 5 08:47:09 PDT 2003
From: Leo Bicknell [mailto:bicknell at ufp.org]
>
> I'm considering options for a new project, and I think I've discovered
> what I think is the best idea, but I don't think current software
> supports the config. I'd like to get some confirmation, and comments on
> if it would be hard to implement.
>
> Consider:
>
>
> ISP #1-------\
>               \
>                FreeBSD Box----LAN
>               /
> ISP #2-------/
>
> In this case the LAN would be 1918 space, the two ISPs would each
> provide a public IP for the FreeBSD box.
>
> Now, NAT would be required. What I want to do is write an external
> application to decide the performance of ISP #1 and ISP #2, and
> somehow tell NAT which outside address to use.
>
> That, by itself, is not hard. Here's the trick. I want the switch
> to be seamless. That is, if NAT is translating to ISP #1 and the
> application says switch to #2 the existing translations to #1 (until
> they go away naturally) should be kept, while new ones go to #2.
>
> The only ways I know to change the outside address seem to tear down
> all existing connections.
>
> Is it possible to make this work today? Would it be hard to fix if
> it doesn't work today?
I wonder if ipfw stateful rules can be used to keep sessions bound
to the same instance of natd, thus keeping the same external address
for the duration of the layer-4 session?