On Friday 28 October 2011 16:22:25 nyoman.b...@gmail.com wrote:
> dear all,
>
> I need to set up a router (using FreeBSD)
> that connects to the Internet
> to accommodate multiple ISP,
> so users can be load balanced through
> those several ISP lines.
>
> how can I do that?
>
> thanks in advance

Well, let's suppose that your ISP interfaces have respectively $ispN_ip and $ispN_router as interface IP and ISP router IP, and that $natN is the divert port corresponding to the NAT for the given ISP. Then you get something like

# This treats incoming traffic
ipfw add 1310 divert $nat1 ip from any to any in via $if1
ipfw add 1320 divert $nat2 ip from any to any in via $if2
...
ipfw add 13N0 divert $natN ip from any to any in via $ifN

# Check states
ipfw add 3000 check-state

# Load balance outgoing traffic
# Note: replace 1/N, 1/(N-1), etc. with actual values for your N
ipfw add 10100 prob 1/N skipto 20100 ip from $internal to any keep-state
ipfw add 10200 prob 1/(N-1) skipto 20200 ip from $internal to any keep-state
...
ipfw add 10N00 skipto 20N00 ip from $internal to any keep-state

# Do outgoing NAT
ipfw add 20100 divert $nat1 ip from $internal to any out
ipfw add 20110 fwd $isp1_router ip from $isp1_ip to any
ipfw add 20200 divert $nat2 ip from $internal to any out
ipfw add 20210 fwd $isp2_router ip from $isp2_ip to any
...
ipfw add 20N00 divert $natN ip from $internal to any out
ipfw add 20N10 fwd $ispN_router ip from $ispN_ip to any

And here is what the natd.conf would look like

### ISP 1 ###
port 8868
dynamic yes
interface re1

### ISP 2 ###
instance dsl2
port 8869
dynamic yes
interface re2

### ISP N ###
instance dsl3
port 8870
dynamic yes
interface re

You'll notice that the load balancing rules are skipto to NAT rules instead of directly being NAT rules. This is because this way you can factorize your NAT rules with several sets of load-balancing rules (like having different patterns for TCP and UDP, or depending on the users, etc).

Also note that those lines are inspired by my actual configuration file, which is much more complex than this, and I didn't test anything, so it might not work out-of-the-box; however, this gives you a good preview of what it should be.

One last important thing: this kind of load-balancing can be relatively complex to get working correctly if you have different bitrates from your ISPs. You might also want to try protocols like MLPPP (with mpd for example), but this is more complex to set up and you need a server on "the other side" to get it working.

Well, have fun :)

-- 
Rémy Sanchez
http://hyperthese.net/
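
The "prob" values in the load-balancing rules of the message above form a cascade: rule k is only evaluated when rules 1..k-1 did not match, which is why they read 1/N, 1/(N-1), and so on. The sh script below is an added example, not part of the original message and not tested against a live ipfw; it prints that cascade as decimal values and goes slightly further by accepting relative weights per link. The names INTERNAL, cascade_probs and balance_rules and the sample network are assumptions, and the 10k00/20k00 numbering from the message limits it to fewer than 10 links.

```shell
#!/bin/sh
# Added example: generate the "prob ... skipto" cascade for N uplinks.
# INTERNAL is a constructed sample value standing in for $internal.
INTERNAL="${INTERNAL:-192.168.0.0/24}"

# cascade_probs W1 W2 ... WN
# Prints one conditional probability per line. To give link k an overall
# share of w_k / sum(w), rule k must match with probability
# w_k / (w_k + ... + w_N), because earlier rules already took their share.
cascade_probs() {
    printf '%s\n' "$@" | LC_ALL=C awk '
        { w[NR] = $1; total += $1 }
        END {
            remaining = total
            for (k = 1; k <= NR; k++) {
                printf "%.6f\n", w[k] / remaining
                remaining -= w[k]
            }
        }'
}

# balance_rules W1 W2 ... WN
# Prints the ipfw commands for the load-balancing block. The last rule has
# no "prob" keyword because its conditional probability is 1.
balance_rules() {
    n=$#
    k=0
    cascade_probs "$@" | while read -r p; do
        k=$((k + 1))
        if [ "$k" -lt "$n" ]; then
            echo "ipfw add 10${k}00 prob $p skipto 20${k}00 ip from $INTERNAL to any keep-state"
        else
            echo "ipfw add 10${k}00 skipto 20${k}00 ip from $INTERNAL to any keep-state"
        fi
    done
}

# Three links, the first weighted twice as heavily as the other two.
balance_rules 2 1 1
```

Because each rule carries keep-state, the split applies to new flows rather than to individual packets, so the observed traffic share depends on how heavy each flow is.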