Subject: Utilising multiple routes to internet
To: None <tech-net@netbsd.org>
From: David Brownlee <abs@absd.org>
List: tech-net
Date: 01/10/2006 18:26:23
 	We have a site with a 2M SDSL and a 4M/768k ADSL link, both via
 	external router boxes.

 	The external gateway box also acts as a transparent squid proxy,
 	so its ipnat.conf contains the rdr rules below.

 	The variables used throughout are:

 	    $intif	- internal interface
 	    $intip	- IP address of internal interface

 	    $extif	- primary external interface
 	    $extip	- IP address of external interface

 	    $altif	- alternative external interface
 	    $altip	- IP address of alternative external interface
 	    $altgip	- IP address of alternative gateway

     # Connections to the gateway's own internal address: local web server
     rdr $intif $intip port 80    -> 127.0.0.1 port 80 tcp
     # Any other port 80 traffic from the LAN: transparent squid on 3128
     rdr $intif 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp

 	ipf.conf lets most traffic route out normally, but sends any tcp
 	traffic directly from this box to the alternative gateway via the
 	alternative interface.

     # Policy-route TCP originated by the gateway itself via the alternative link
     pass out quick on $extif to $altif:$altgip proto tcp from $extip to any flags S keep state

 	This all works very well: any traffic from the internal hosts
 	goes out via the normal $extif, while web traffic and anything
 	run directly from the gateway goes via $altif. I could easily
 	split the "pass out quick on" into a set of port = 80 and similar
 	rules, but chose not to.

 	Now, if a tcp connection comes in on $altif to $altip then
 	the return data always goes out on $extif _from_ $extip.
 	Is there any way to get that connection's return traffic
 	to come from the IP address to which it connected ($altip)?

 	Short of using Xen to set up two virtual machines each with a
 	different default route, what obvious way am I missing to get
 	this box to be able to use two routes to the internet?

-- 
 			   David Brownlee -- abs@absd.org
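Added example, not part of David's post: an ipf.conf fragment showing the symmetric form of his existing "to" rule for connections that arrive on $altif. It assumes the IPFilter on the box understands the "reply-to" routing keyword (check ipf(5) locally before relying on it); the variable names are the ones defined in the post, and everything else is an assumption made for illustration.

```text
# ipf.conf fragment (added example, not from the original post).
# Assumes IPFilter supports "reply-to"; verify with ipf(5) on the box.

# Inbound TCP to $altip: "reply-to" is stored with the state entry, so
# packets travelling the other way on this connection are handed to
# $altgip out of $altif instead of following the default route on $extif.
pass in quick on $altif reply-to $altif:$altgip proto tcp from any to $altip flags S keep state

# Unchanged from the post: TCP originated by the gateway itself also goes
# out via the alternative link.
pass out quick on $extif to $altif:$altgip proto tcp from $extip to any flags S keep state
```

Check the syntax without loading anything with "ipf -n -f /etc/ipf.conf", then confirm with "tcpdump -ni $altif" that the replies leave $altif with source $altip. If the "_from_ $extip" behaviour in the post comes from an ipnat map rule on $extif, those replies stop traversing $extif and so are no longer rewritten.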