ipf + bridging + nat as a transparent ip proxy
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: ipf + bridging + nat as a transparent ip proxy
- From: m <m_(_at_)_rl206_(_dot_)_org>
- Date: Wed, 30 May 2001 11:37:16 +0000
My timing must be the worst there is..
I sent this msg to the ipfilter list yesterday but didn't get
much of a response. Small wonder...
Question:
Can ipfilter act as a transparent ip proxy while doing load balancing
across 2 destinations? I noticed that load-splitting is mentioned
as a new feature in 3.4.17. The kind of load balancing needed is more
of a redirect for certain types of traffic. Like, http over one
line and smtp over the other.
I'm trying to figure out if it's possible to introduce a secondary
internet connection to a lan without changing any client or existing
firewall configuration.
The machine being introduced is an obsd 2.9 with 3 nics.
fxp0 == internal lan : 10.1.1.x
xl0 == no address
fxp1 == 64.x.x.x
bridge0 == fxp0 + xl0
nat between fxp0 and fxp1
Crude ascii stuff:
10.1.1.0               10.1.1.x?              10.1.1.1
(internal lan)--------[ ipfilter ]-------[existing firewall]----->
                           |
                        x.x.x.x
                           |
                           |Second Internet connection
                           | (Directly connected)
                           |
                           \/
Client machines don't have a default gateway of 10.1.1.1, instead
their gateway is an internal router which has a default route of
10.1.1.1. (so, indirectly their gateway _is_ 10.1.1.1. and this
has to remain static).
The goal is to selectively route outbound traffic through the
two connections. About the only thing that I'm pretty sure about
is that a bridge would be between the internal and existing firewall
interfaces.
Any help would be greatly appreciated, and TIA.
--martin