Forcing packets out from both NICs on same subnet with pf

From: Edvard Fagerholm (efagerho_at_cc.hut.fi)
Date: 11/19/04

    Date: Fri, 19 Nov 2004 16:02:35 +0200
    To: freebsd-net@freebsd.org
    
    

    Hello!

    Could anyone try to explain what happens in the kernel when a packet is forced
    to the outbound queue of a NIC with pf using the route-to keyword? Specifically
    is IP routing touched in any way after this or is the sending of the packet
    only depending on ethernet/arp?

    I'm trying to solve the problem mentioned in my post to freebsd-questions,
    "Problem routing via two NICs to same subnet".

    To those who can't find my post on freebsd-questions, I could describe the
    problem as follows:

    My roommate and I both have connections through the same ISP. Our ISPs allocate
    IPs to us from the same subnet with the same gateway. I'd like to have one box
    route a NATed network, so that his computers would go out through his interface
    and mine through mine. If we only use one interface, then we only get half the
    bandwidth.

    My solution:

    Force my internal IPs with route-to out from my NIC, while forcing his out from
    his NIC. After that do nat on the outbound queues of each interface. Problem is
    that only one of the NICs gets the routing table entry for the MAC-address of
    the gateway, so even though pf has put a packet in the outbound
    queue of the other interface destined to the router, the packet never leaves
    the firewall.

    I really don't care how cleanly this can be solved. After reading some kernel
    source yesterday, I came to the conclusion that it's only possible to store one
    MAC address/IP address pair. However, I know exactly which interfaces I'm
    working with, so I could modify the kernel so that fxp0 tries to query the arp
    table for fxp1 and vice versa each time they try to look up a MAC address. Is
    this possible to do without breaking too much? :)

    Any better ideas? I'm not trying to find a generic solution, only a solution
    that works...

    Thanks,
    Edvard
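
The setup described in the message, written out as an added pf.conf sketch (not part of the original post). fxp0 and fxp1 are the interfaces named in the post; the internal interface name, the internal address ranges and the gateway address are constructed placeholders.

```pf
# Macros. Only fxp0/fxp1 come from the post; everything else is assumed.
int_if   = "fxp2"            # assumed internal (NATed) interface
my_if    = "fxp0"            # first uplink
his_if   = "fxp1"            # second uplink, same ISP subnet
isp_gw   = "192.0.2.1"       # constructed: the single gateway both uplinks share
my_net   = "10.0.1.0/24"     # constructed: internal hosts that leave via fxp0
his_net  = "10.0.2.0/24"     # constructed: internal hosts that leave via fxp1

# Translation: each uplink NATs to its own address.
# The parentheses make pf track the interface address if it changes.
nat on $my_if  from $my_net  to any -> ($my_if)
nat on $his_if from $his_net to any -> ($his_if)

# Filtering: choose the outbound NIC by source network as traffic
# enters from the inside. route-to names the interface and next hop.
pass in on $int_if route-to ($my_if  $isp_gw) from $my_net  to any keep state
pass in on $int_if route-to ($his_if $isp_gw) from $his_net to any keep state

# Let the translated traffic leave on each uplink.
pass out on $my_if  from ($my_if)  to any keep state
pass out on $his_if from ($his_if) to any keep state

# Note: both route-to rules point at the same next-hop IP. This is the
# case the post reports as failing, because only one NIC ends up with
# the gateway's MAC address entry.
```

When testing a ruleset like this, running `tcpdump -n -i fxp0` and `tcpdump -n -i fxp1` side by side while sending traffic from each internal range shows which interface the packets and ARP requests for the gateway actually leave on.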