Advanced NAT and load balancing on single external interface?

From: DavX (simit100it_at_comm.it)
Date: 06/15/05


Date: 15 Jun 2005 06:40:42 -0700

Hi,

I have a multi-homed OBSD box acting as a firewall/gateway for a
number of LANs and DMZs behind it.

This box has a dual internet connection via xDSL routers, each one
connected to a single "rl" ethernet interface. The box is natting and
load balancing on both DSL lines.

         <DSL1>  <DSL2>
           |       |
           |       |
        +---------------+
        |   Firewall    |
        +-+-----+-----+-+
          |     |     |
         LAN  DMZ1  DMZ2

I would like to connect the 2 DSL lines to a single interface on the
firewall (and thus being able to load-balance on an unlimited number
of external lines) like this:

      a.b.c.d  x.y.w.z e.f.g.h
         |        |       |
       <DSL1>   <DSL2>  <...>
         |        |       |
       .2 \     .3|     .z/  <--- Private IP net 10.x.y.z
           \      |      /
            \     |     /
          +--+----+----+--+
          |  HUB/SWITCH   |
          +-------+-------+
                  |
                  | 10.x.y.1
          +-------+-------+
          |    OpenBSD    |
          +--+----+-----+-+
             |    |     |
            LAN DMZ1  DMZ2

The catch is that the OBSD box must "NAT" each outgoing connection
with its own valid IP address (that is: based on the "gateway" and
not based on the interface). Sure: I can enable NAT on the DSL routers
but I would like to have more control over which "inside" address gets
mapped to which external address. For example Server1 from DMZ1 must
go out as IP a.b.c.3 when using DSL1 and x.y.w.11 when using DSL2,
while Server2 must have a.b.c.4 and x.y.w.12. On the other hand, LAN
must be squashed to a few addresses only. Most cheapo dsl routers will
not allow me this.

Any hints on the syntax to write the "nat" and "route-to" rules?
Is it at all possible or do I really need a single interface for each
router?

Thank you,
Max.


