BSD as routing device for 2 ISPs
nospam at mgedv.net
Sat Jun 14 15:59:50 UTC 2014
although i had a look at pfsense, openbgpd, setfib(1) ideas and such,
googlin' around and discussing with nw-admins for hours, i still don't
really see a clear path for setting up a proper solution which is not
sort of "tinkering" but still based on free OS's.
we have 2 independent ISPs, each running its own router/ext-ip-block.
e.g. ISP A: IP 126.96.36.199-188.8.131.52, ISP B: IP 184.108.40.206-220.127.116.11.
goal 1: inside->outside:
- NAT and spread traffic load-based across ISPs to use both wires
- switch to "living" ISP in case the other goes down
(losing active connections is ok and will of course happen)
- have 1 smart default gateway for all internal devices
(no use gw A for boxes A...N solutions... as they need to switch)
goal 2: outside->inside:
- NAT different external IPs to the SAME service inside
(eg. smtp: NAT 18.104.22.168:25 and 22.214.171.124:25 to 192.168.10.10:25)
- allow connecting to the same service via different routes simultaneously
eg: ssh from 126.96.36.199->188.8.131.52:22
while ssh from 184.108.40.206->220.127.116.11:22,
both end up NAT'd at 192.168.10.20:22.
goal 3: firewalling:
either this box is the firewall, or any other idea welcome.
(currently, there's a separate hw-firewall running which does NAT, too)
NOT a goal:
- switch over ("HA") of external services, this of course will only
work out if we have our own ASN's, which is (& will be) not the case.
oh, and the box will be run as virtual machine's guest OS.
any preferences on what to end up with?