April 5th, 2003, 18:01

Is it possible to have 3 incoming DSL lines, connected to an OpenBSD firewall, and then "load-balancing" the outgoing connections thru these 3 DSL lines??

I saw a post at deadly.org about load-balancing incoming traffic (one external ip that RDR the connections to multiple internal ip's)... http://www.deadly.org/article.php3?sid=20021125135937

I want to do something like this:

ep1 = internal_if

nat on ep1 from to any -> { external_ip1, external_ip2, external_ip3} round-robin

Do you guys think this is possible??


April 5th, 2003, 18:03
Yes I know, it's a little off topic, but I didn't find any "networking" forum, and it's about PF, so I posted it here :-)


April 5th, 2003, 20:54
nat fully supports round robin I think the nat command is rdr

but I haven't had the time to play w/ round robin yet so I don't really know

April 5th, 2003, 21:44
I don't think rdr is it.


I can't see any reason this wouldn't be possible although I haven't heard of anyone doing it.

What happens when you specify the nat rule you have given?

Does pf load?

April 5th, 2003, 21:59
Welcome to the new pf.


look through the mail archives as well, for things like this:

April 5th, 2003, 22:02
Wow, I posted to the same article. I'll think before I post again.

April 5th, 2003, 22:21
Well shit. Thanks -f I stand corrected. Sorry Soup! :oops:

April 5th, 2003, 23:05
Woooohoooo, so it's supposed to work!!!! :-)

On Monday, I'll order a few new DSL lines :-)


April 7th, 2003, 10:43
There is a network forum. http://screamingelectron.org/phpBB2/viewforum.php?f=38
Not too big a deal since it is in OpenBSD Security and it is about pf. After all, if elmore doesn't care then what do I care? :D

I was replacing my frustrating Linux firewall with a BSD one not too long after pf came out. I saw that ipf had support for round robin and I wanted to play with that but decided that OpenBSD and pf would be the way to go for me. I was happy to see when they added that support recently to pf.

Pf just gets better all the time. I'm playing with altq now and see more things have come out since then. The development is awesome.