BSD as routing device for 2 ISPs

no@spam@mgedv.net nospam at mgedv.net
Sat Jun 14 15:59:50 UTC 2014


hi,

although i had a look at pfsense, openbgpd, setfib(1) ideas and such,
googlin' around and discussing with nw-admins for hours, i still don't
really see a clear path for setting up a proper solution which is not
sort of "tinkering" but still based on free OSes.

situation:
we have 2 independent ISPs, each running its own router/ext-ip-block.
e.g. ISP A: IP 1.1.1.10-1.1.1.20, ISP B: IP 2.2.2.50-2.2.2.60.

goal 1: inside->outside:
- NAT and spread traffic load-based across ISPs to use both wires
- switch to "living" ISP in case the other goes down
(losing active connections is ok and will of course happen)
- have 1 smart default gateway for all internal devices
(no use gw A for boxes A...N solutions... as they need to switch)

goal 2: outside->inside:
- NAT different external IPs to the SAME service inside
(eg. smtp: NAT 1.1.1.11:25 and 2.2.2.51:25 to 192.168.10.10:25)
- allow connecting to the same service via different routes simultaneously
eg: ssh from 8.8.8.8->1.1.1.12:22
while ssh from 9.9.9.9->2.2.2.12:22,
both end up NAT'd at 192.168.10.20:22.

goal 3: firewalling:
either this box is the firewall, or any other idea welcome.
(currently, there's a separate hw-firewall running which does NAT, too)

NOT a goal:
- switch over ("HA") of external services, this of course will only
work out if we have our own ASNs, which is (& will be) not the case.

oh, and the box will be run as a virtual machine's guest OS.

any preferences on what to end up with?
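As an added illustration (not part of the original post or any reply to it), the following FreeBSD pf.conf sketch maps the three goals onto pf's own multi-uplink features: `route-to` with a `round-robin` pool for outbound load spreading, per-uplink `nat`, and `rdr` plus `reply-to` so that a connection arriving on either external address is answered back out through the same ISP. Interface names (em0/em1/em2), the two ISP next-hop gateways (1.1.1.1, 2.2.2.1) and the LAN prefix 192.168.10.0/24 are assumptions; the external addresses and internal hosts are the ones quoted in the post.

```pf
# Added example, not from the original post: FreeBSD pf.conf for a box
# fronting two ISPs. Interface names, gateways and the LAN prefix are
# placeholders (assumed); adjust to the real topology.
ext_a    = "em0"              # uplink to ISP A (assumed)
ext_b    = "em1"              # uplink to ISP B (assumed)
int_if   = "em2"              # LAN side (assumed)
gw_a     = "1.1.1.1"          # ISP A next hop (assumed)
gw_b     = "2.2.2.1"          # ISP B next hop (assumed)
lan      = "192.168.10.0/24"  # internal network (assumed)
smtp_srv = "192.168.10.10"    # from the post
ssh_srv  = "192.168.10.20"    # from the post

set skip on lo0
scrub in all

# goal 1: source-NAT to whichever uplink a flow actually leaves through
nat on $ext_a from $lan to any -> ($ext_a)
nat on $ext_b from $lan to any -> ($ext_b)

# goal 2: two external addresses, one internal service (values as in the post)
rdr on $ext_a proto tcp from any to 1.1.1.11 port 25 -> $smtp_srv port 25
rdr on $ext_b proto tcp from any to 2.2.2.51 port 25 -> $smtp_srv port 25
rdr on $ext_a proto tcp from any to 1.1.1.12 port 22 -> $ssh_srv port 22
rdr on $ext_b proto tcp from any to 2.2.2.12 port 22 -> $ssh_srv port 22

# goal 3: this box is the firewall; default deny, log what is dropped
block in log all

# goal 2 continued: rdr has already rewritten the destination, so filter on the
# internal address. reply-to pins the return path to the uplink the SYN came in
# on, otherwise replies to ISP B's address would follow the default route via A.
pass in on $ext_a reply-to ($ext_a $gw_a) proto tcp from any to $smtp_srv port 25 keep state
pass in on $ext_b reply-to ($ext_b $gw_b) proto tcp from any to $smtp_srv port 25 keep state
pass in on $ext_a reply-to ($ext_a $gw_a) proto tcp from any to $ssh_srv  port 22 keep state
pass in on $ext_b reply-to ($ext_b $gw_b) proto tcp from any to $ssh_srv  port 22 keep state

# traffic addressed to the firewall itself must not be forced out an uplink
pass in quick on $int_if from $lan to ($int_if) keep state

# goal 1: one default gateway for the LAN; new flows alternate between uplinks.
# sticky-address keeps a given client on one ISP so all its flows share a
# stable public source address (matters for sites that track sessions by IP).
pass in on $int_if route-to { ($ext_a $gw_a), ($ext_b $gw_b) } round-robin sticky-address \
    from $lan to any keep state

pass out on $ext_a from ($ext_a) to any keep state
pass out on $ext_b from ($ext_b) to any keep state
pass out on $int_if to $lan keep state
```

Two caveats a practitioner would check before relying on this. First, pf's `round-robin` pool does not notice a dead next hop; the "switch to the living ISP" part of goal 1 needs something outside pf (a gateway health check that rewrites the pool to the surviving `($ext_x $gw_x)` entry and runs `pfctl -f /etc/pf.conf`), and existing states on the failed uplink are lost, which the post already accepts. Second, because `rdr` translation happens before filtering on this pf generation, the `pass in` rules must name the internal address, not the public one; getting this backwards is a common reason a second external address silently never answers.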


More information about the freebsd-questions mailing list