Re: Failover and load balancing using advanced NAT daemon

---

• From: Oleg Tarasov <subscriber@xxxxxxxxxx>
• Date: Thu, 26 Jan 2006 12:25:24 +0200

---

Hello,

Jon Simola <jon@xxxxxxxxxxx> wrote:

> You may want to check out PF, the packet filter imported from OpenBSD.
> I have it running on some large routers doing NAT out multiple
> interfaces, load balancing and policy routing. Careful use of anchors
> and some scripting (or ifstated which might be in ports) can move
> traffic off failed links or respond to changing loads.

> I've done a lot with both ipfw and PF now, and I'm finding PF to be
> more flexible for my uses.

Thanks. I've looked through PF documentation and find it quite
interesting to use in this tasks. In combination with ifstated much
can be done.

I'm sorry for my incompetence in this case. I have always used ipfw
for packet processing and now find a mistake not looking through PF.
As I can now say ipfw is faster and easier to configure, but PF
contains more flexible mechanisms supporting aliasing address pools
for NAT and stateful routing.

The only visible problem I see is a lack of policy routing in FreeBSD
routing system which is used to create session listener when packets
origin is a router itself (like tunnels) and packets cant be passed
through NAT to be routed to another interface different from that in
routing table.

--
Best regards,
Oleg Tarasov mailto:subscriber@xxxxxxxxxx

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"

---

• References:
  • Failover and load balancing using advanced NAT daemon
    • From: Oleg Tarasov
  • Re: Failover and load balancing using advanced NAT daemon
    • From: Jon Simola

• Prev by Date: Re: Marvell/SysKonnect YukonII source code available
• Next by Date: Named could not listen on UDP socket: permission denied
• Previous by thread: Re: Failover and load balancing using advanced NAT daemon
• Next by thread: Question on IFF_PPROMISC (and IFF_PROMISC)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Policy routing idea (Was: ipfw: Would it be possible tocontinue processing rest of rules after m ... I would like to adjust ipfw behaviour ... > packet gets passed to dummynet). ... Please don't store routing table pointers. ... > To unsubscribe, ... (freebsd-net) Re: How do I read/interpret a (netstat) routing table ? ... I know this routing table is used to direct TCP/IP packets to their destination. ... Assume on local computer 192.168.0.14 a TCP-IP packet is arriving with the destination ... NetMask --> Makes it easier for the Router (layer 3 device, ... (microsoft.public.windowsxp.network_web) Re: Programming Question: Policy Based Routing ... My definition of Policy-Based Routing: ... address, L4 protocol, tos, packet length. ... packet and an AVL tree to store routing information in it. ... first thing is to create a generic route mask. ... (freebsd-net) Re: Programming Question: Policy Based Routing ... > My definition of Policy-Based Routing: ... > address, L4 protocol, tos, packet length. ... > packet and an AVL tree to store routing information in it. ... > first thing is to create a generic route mask. ... (freebsd-net) multiple routing tables roadmap ... packet streams to be routed by more than just the destination address. ... multiple kernel routing tables (which I will now refer to as "Forwarding Information Bases" or "FIBs" for political correctness reasons. ... Other protocol families are left untouched and should there be users with proprietary protocol families, ... To understand how this is done, one must know that the current FIB code ... (freebsd-arch)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Mailing-Lists  > FreeBSD  > net  > 2006-01