Pontus
April 5th, 2003, 18:01
Hi!

Is it possible to have 3 incomming DSL lines, connected to an OpenBSD firewall, and then "load-balancing" the outgoing connections thru these 3 DSL lines??

I saw a post at deadly.org about load-balancing incomming traffic (one external ip that RDR the connections to multiple internal ip's)... http://www.deadly.org/article.php3?sid=20021125135937

I want to do something like this:

ep1 = internal_if

nat on ep1 from 192.168.1.0/24 to any -> { external_ip1, external_ip2, external_ip3} round-robin

Do you guys think this is possible??

Regards
Pontus

Pontus
April 5th, 2003, 18:03
Yes I know, its a little off topic, but I didnt find any "networking" forum, and its about PF, so I posted it here :-)

Thanks!

soup4you2
April 5th, 2003, 20:54
nat fully supports round robbin i think the nat command is rdr

but i havent had the time to play w/ round robbin yet so i dont really know

elmore
April 5th, 2003, 21:44
I don;t think rdr is it.

Pontus-

I can't any reason this wouldn;t be possible although I haven't heard of anyone doing it.

What happens when you specify the nat rule you have given?

Does pf load?

frisco
April 5th, 2003, 21:59
Welcome to the new pf.

http://www.deadly.org/article.php3?sid=20021125135937

look through the mail archives as well, for things like this:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=103852811324894&w=2

frisco
April 5th, 2003, 22:02
wow, i posted to the same article. i'll think before i post again.

elmore
April 5th, 2003, 22:21
Well shit. Thanks -f I stand corrected. Sorry Soup! :oops:

Pontus
April 5th, 2003, 23:05
Woooohoooo, so its supposed to work!!!! :-)

On Monday, I'll order a few new DSL lines :-)

Thanks!!!!!

Strog
April 7th, 2003, 10:43
There is a network forum. http://screamingelectron.org/phpBB2/viewforum.php?f=38
Not too big a deal since it is in OpenBSD Security and it is about pf. After all, if elmore doesn't care then what do I care? :D

I was replacing my frustrating Linux firewall with a BSD one not too long after pf came out. I saw that ipf had support for round robin and I wanted to play with that but decided that OpenBSD and pf would be the way to go for me. I was happy to see when they added that support recently to pf.

Pf just gets better all the time. I'm playing with altq now and see more things have come out since then. The development is awesome.