DaemonForums  

Feasibility: "Load Balance Outgoing Traffic" with 2 NICs only

#1, 18th March 2010, Tramboi (New User)

Hello everybody,

First, please bear in mind I'm quite a beginner at networking, routing and firewalling, so I probably have lots of naive misconceptions about stuff.

Here's the problem:
At work we have a small 192.168.0.x LAN with several mainstream ADSL routers 192.168.0.253,254,255.
Every PC on the network picks a gateway randomly, and it is quite a suboptimal mess.

So I was researching pf to see if I could create a custom gateway that would use all these ADSL routers and dispatch connections automagically.

I found "Load Balance Outgoing Traffic" in the pf FAQ.

The example seems to need one network card per external gateway (ext_gw1 and ext_gw2).
Is it because the gateways are not on the same network?
Or is it something more complicated?

I infer if there were n external gateways with this technique, the pf machine would need n+1 network adapters.

Bottom line: Is it possible to adapt such a setup with only two network cards if the ADSL routers are on the same network?

Thanks in advance for considering my question. If you have good online tutorials about stuff you think I didn't understand, I'm all open!

Cheers,
Bertrand
#2, 18th March 2010, ocicat (Administrator)

Quote:
Originally Posted by Tramboi
I infer if there were n external gateways with this technique, the pf machine would need n+1 network adapters.
I don't regularly answer questions in the FreeBSD subforae, but this portion of your questions is not necessarily FreeBSD-related.

While physically creating a router with n + 1 interfaces to connect n subnets to the Internet is possible, it is no longer the only option. You can accomplish the same topology with only two interfaces, but it requires more sophisticated configuration at the router & switch(es) as you will be configuring VLANs (virtual LANs). Limiting the router to two interfaces is also referred to as a "router-on-a-stick" configuration. Googling for the term will give a place to begin. Wikipedia's entry on the subject:

http://en.wikipedia.org/wiki/Router_on_a_stick

...is a bit sparse, but it is a start.

As for where to find what is necessary on the FreeBSD side, studying the ifconfig(8) manpage will be required. Studying vlan(4) may help as well.

But I should repeat: if your switch(es) do not support VLANs, you will be limited to creating a router with n + 1 interfaces; however, most enterprise switches anymore support multiple VLANs. Even some home switches (not hubs...) do as well.
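
The two-interface layout described in the reply above, sketched as an added example that is not part of the thread or of any poster's own configuration: a small sh script that emits the rc.conf lines for one vlan(4) interface per uplink on a single trunk NIC, plus the round-robin `route-to` pool from the pf FAQ. It generalizes to n uplinks. Assumptions: the interface names (em0 for the LAN, em1 for the trunk), the VLAN IDs and all addresses are constructed placeholders, and each ADSL router has been moved into its own VLAN and subnet on a VLAN-capable switch.

```sh
#!/bin/sh
# Added example (not from the thread): emit FreeBSD rc.conf and pf.conf lines
# for a two-NIC "router-on-a-stick" gateway with n uplinks on one trunk NIC.
# Each uplink argument is "vlan_id:local_cidr:gateway_ip". All interface
# names, VLAN IDs and addresses below are constructed placeholders.

# rc.conf: one cloned vlan(4) interface per uplink, all on the trunk NIC.
gen_rc_conf() {
    trunk=$1; shift
    names=""
    for u in "$@"; do names="$names vlan${u%%:*}"; done
    echo "ifconfig_${trunk}=\"up\""
    echo "cloned_interfaces=\"${names# }\""
    for u in "$@"; do
        id=${u%%:*}; rest=${u#*:}; cidr=${rest%%:*}
        echo "ifconfig_vlan${id}=\"inet ${cidr} vlan ${id} vlandev ${trunk}\""
    done
    echo 'gateway_enable="YES"'
    echo 'pf_enable="YES"'
}

# pf.conf: NAT on each uplink, then one pool rule spreading new LAN
# connections round-robin over every (interface gateway) pair.
gen_pf_conf() {
    lan_if=$1; lan_net=$2; shift 2
    pool=""
    for u in "$@"; do
        id=${u%%:*}; gw=${u##*:}
        echo "nat on vlan${id} from ${lan_net} to any -> (vlan${id})"
        pool="${pool}${pool:+, }(vlan${id} ${gw})"
    done
    echo "pass in on ${lan_if} route-to { ${pool} } round-robin from ${lan_net} to any keep state"
}

# Constructed sample: three ADSL routers, one /30 transit subnet per VLAN.
UPLINKS="10:10.0.10.2/30:10.0.10.1 20:10.0.20.2/30:10.0.20.1 30:10.0.30.2/30:10.0.30.1"
# Word splitting of $UPLINKS into separate arguments is intended here.
gen_rc_conf em1 $UPLINKS
gen_pf_conf em0 192.168.0.0/24 $UPLINKS
```

The switch port facing em1 has to carry all the listed VLANs tagged, and each router's port has to be an untagged member of exactly one of them.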
#3, 18th March 2010, Tramboi (New User)

Thanks a lot for the references and the jargon, ocicat, I'm gonna study those.
#4, 29th April 2010, orallo (New User)

Check out ZeroShell,

I had a similar problem and I solved it all with it. It's free, and it runs on any old machine that you have lying around with two NICs.

zeroshell dot net (I can't post URLs because I'm new on the board...)

Cheers,
Orallo.