Using Multiple Internet Connections with FreeBSD

Louis LeBlanc FreeBSD at
Wed Jul 13 16:04:10 GMT 2005

On 07/13/05 11:28 AM, John Barbieri sat at the `puter and typed:
> Howdy,
> To start off, I have a FreeBSD router running Nat and dhcp, it is
> currently the router for my LAN.
> I was wondering if there was a way to aggregate more than one internet
> connection using FreeBSD?
> That is, have 2 or 3 internet connections coming in on separate NICs,
> and being able to have the box route and nat the packets accordingly to
> the lan, thus giving the experience of more bandwidth. Is it even possible?
> Has someone done it before? and if you have, do you have a webpage that
> you followed instructions from?
> I've been searching around, but I have not been able to find a straight
> answer. I was hoping you guys could help

I'm afraid I can't help much, but for starters, you probably need to
be clear on external services as well.  You also want to mention the
version of FreeBSD you are/intend to use, as it will affect the up
front work needed and/or the available utilities.

If external services are part of your bandwidth concerns, you should
be able to isolate internal NAT functionality away from one connection
to restrict it to external services.

If you have multiple internal LANs, you should be able to isolate them
to dedicated external connections as well.  This would be easiest if
you had a separate internal NIC for each external NIC, but that might
be overkill, and probably isn't necessary if you simply use a simple
100Mb router with full duplex capabilities.

If you're looking for load balancing NAT, meaning any outbound traffic
from an internal LAN automagically picks the least saturated
connection, then you probably want to use an advanced firewall utility
and get on the users list for that tool.  I *think* pf can do this,
but I'm not sure.  I'm certainly not qualified to tell you HOW to do
it with any firewall utility, but I've found pf to be easier for
simple firewalls at least.

Try this link:
It is probably worth your time to get on the mailing list.  The folks
there should be most qualified to help you with this.

Keep in mind, depending on your solution, it may also be necessary to
set up various routes through /etc/rc.conf (this is the one thing that
always confused me enough to keep me out of network admin work).

This exact scenario had occurred to me in the past, but I never had
the time to investigate it more thoroughly, or the connections to play
with.  Sorry I couldn't be more helpful, but I hope this gets you
closer to the mark.

Louis LeBlanc
Fully Funded Hobbyist,                   KeySlapper Extrordinaire :)
Please send off-list email to:         leblanc at keyslapper d.t net
Key fingerprint = C5E7 4762 F071 CE3B ED51  4FB8 AF85 A2FE 80C8 D9A2

ink, n.:
  A villainous compound of tannogallate of iron, gum-arabic, and water,
  chiefly used to facilitate the infection of idiocy and promote
  intellectual crime.
    -- H.L. Mencken
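
The load-balancing NAT discussed in the reply above, as an added pf.conf example that is not part of the original message. Interface names, the LAN prefix and the gateway addresses are assumptions (documentation ranges). pf's round-robin pool hands new connections to the gateways in turn; it does not measure which link is least saturated.

```pf
# Assumed names and addresses (constructed for this example)
int_if  = "em0"                 # internal NIC facing the LAN
ext_if1 = "em1"                 # first ISP uplink
ext_if2 = "em2"                 # second ISP uplink
lan_net = "192.168.1.0/24"
ext_gw1 = "198.51.100.1"        # next hop on ext_if1
ext_gw2 = "203.0.113.1"         # next hop on ext_if2

# NAT on whichever uplink a connection ends up leaving through
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

# Default deny in both directions
block in  all
block out all

# Replies and router-originated traffic back onto the LAN
pass out on $int_if from any to $lan_net

# LAN traffic addressed to the router itself is not load balanced
pass in quick on $int_if from $lan_net to $int_if

# Spread new LAN connections across both gateways. The state entry
# pins each connection to the uplink chosen for its first packet.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state

# Let the balanced traffic leave on either uplink
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

# A packet sourced from one uplink's address must not leave through the
# other uplink, where the ISP's ingress filtering would drop it
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. Because balancing is per connection, a single transfer never exceeds the speed of one uplink.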
