BSD as routing device for 2 ISPs
Sat Jun 14 15:59:50 UTC 2014


although i had a look on pfsense, openbgpd, setfib(1) ideas and such,
googlin' around and discussing with nw-admins for hours, i still don't
really see a clear path for setting up a proper solution which is not
sort of "tinkering" but still based on free OS's.

we have 2 independent ISPs, each running its own router/ext-ip-block.
e.g. ISP A: IP, ISP B: IP

goal 1: inside->outside:
- NAT and spread traffic load-based across ISPs to use both wires
- switch to "living" ISP in case the other goes down
(losing active connections is ok and will of course happen)
- have 1 smart default gateway for all internal devices
(no use gw A for boxes A...N solutions... as they need to switch)

goal 2: outside->inside:
- NAT different external IPs to the SAME service inside
(eg. smtp: NAT and to
- allow connecting to the same service via different routes simultaneously
eg: ssh from>
while ssh from>,
both end up NAT'd at

goal 3: firewalling:
either this box is the firewall, or any other idea welcome.
(currently, there's a separate hw-firewall running which does NAT, too)

NOT a goal:
- switch over ("HA") of external services, this of course will only
work out if we have our own ASNs, which is (& will be) not the case.

oh, and the box will be run as virtual machine's guest OS.

any preferences on what to end up with?

More information about the freebsd-questions mailing list