I totally understand that concept. Here's what I had in mind.
1. Perform NAT.
2. Forward using a load-balancing multipath route.
This would, of course, relegate response traffic to a single link and clients would have to be mapped appropriately to the available public IPs.
This would be the download accelerator. I think one of us is confused here. We're not contemplating a configuration for Russ and the precise application that is causing the bandwidth shortage is ambiguous. Here's the best clue.
"Usually someone starts screaming that he has an important client on the demo and someone is using all the internet on his line. Then I have to figure out who else is set to that gateway and move them somewhere else."
So, this would be a reverse LSNAT. Is it entirely based on iptables hacks, or does some NAT actually support such a thing?
Been looking at them, but haven't deciphered enough to figure out if your idea of their function matches the reality of their function and not a single one seems to detail its operation in plain English. It's all very difficult to interpret as I have not had any hands-on with the featured software.
Here's the free solution I have devised. It won't combine the bandwidth, so to speak, but it will share the links among clients in a semi-random fashion. It involves two routers. The load balancer I have devised requires Internet gateways in different logical networks, and since your four connections are from the same provider, they probably reside in the same logical network. So, the first router NATs the public IPs to four discrete logical networks and the load balancer routes traffic semi-randomly across the four. This also has the added benefit of creating a DMZ.
Topology
modems__router1__switch__router2
router1
Requires a couple of two-port NICs to which the modems are connected and a third NIC to which the switch is connected. The third NIC is addressed to four discrete logical networks and each public IP is natted to one of the four. Internet servers may be plugged into the switch and ports forwarded from router1.
router2
This is the load balancer. Requires two NICs. One NIC is addressed to the four discrete logical networks created with router1 and the other is addressed to the client network. Tweak the following configuration for the load balancer.
Client Load Balancing: LSNAT-router using IPFW and NATD on FreeBSD 6.0
The Internet gateways must reside in different logical networks for this configuration to work.
instance other
alias_address 195.16.87.38
port 8669
globalport 9000
Configure IPFW (/etc/ipfw.rules)
-f flush
# Inbound packets addressed to an alias address go to the natd instance that owns it.
add skipto 20000 ip from any to 192.168.102.62 in via ste0
add skipto 30000 ip from any to 195.16.87.38 in via ste0
# Outbound packets: divert to natd's global port first; packets that already carry an
# alias address go straight to the filter rules, the rest are handed to one of the two
# natd instances at random.
add divert 9000 ip from any to any out via ste0
add skipto 40000 ip from { 192.168.102.62 or 195.16.87.38 } to any out via ste0
add prob .5 skipto 20000 ip from any to any out via ste0
add skipto 30000 ip from any to any out via ste0
add skipto 40000 ip from any to any
# natd instance 1 (default natd port) and instance 2 (port 8669)
add 20000 divert natd ip from any to any
add skipto 40000 ip from any to any
add 30000 divert 8669 ip from any to any
add skipto 40000 ip from any to any
# Stateful filtering and source-based routing
add 40000 check-state
add deny ip from 192.168.10.0/24 to any via ste0
add allow ip from me to me via lo0 keep-state
add deny ip from me to any in
add allow ip from 195.16.87.38 to { me or 195.16.87.32/29 or 192.168.102.0/24 or 192.168.10.0/24 } keep-state
add forward 195.16.87.33 ip from 195.16.87.38 to any keep-state
add allow ip from me to any keep-state
add deny ip from me to any
add allow icmp from any to me icmptypes 3,4,8,11 keep-state
add deny ip from any to me
add allow ip from 192.168.10.0/24 to any keep-state
add deny ip from 192.168.10.0/24 to any
add allow icmp from any to 192.168.10.0/24 icmptypes 3,4,11 keep-state
add deny ip from any to 192.168.10.0/24
The above are source-based routing rules. As long as the ISP doesn't use modem-level antispoofing, devising a configuration to do per-packet balancing should be fairly simple. Something like the following.
add allow ip from 195.16.87.38 to { me or 195.16.87.32/29 or 192.168.102.0/24 or 192.168.10.0/24 } keep-state
add prob .5 forward 195.16.87.33 ip from me to any keep-state
add allow ip from me to any keep-state
Another cool thing about this configuration is that a server can be addressed to all four networks and ports forwarded from each public address to use round-robin DNS for load sharing across all four WAN links. The server would have to support multipath forwarding on response traffic, though.
Actually, I believe this configuration will still suffer from the lack of multipath route support on FreeBSD. This configuration definitely works when routing over different providers, but I think it will still have problems using parallel links to the same provider.
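Added example, not code from the post or from FreeBSD: a small Python tracer that walks packets through the ipfw ruleset given above, so the skipto/divert flow and the source-based forward rule can be followed without a FreeBSD box. It implements only the actions and options that ruleset uses. Everything else is an assumption of the example: the router's own addresses (the two alias addresses plus a LAN address, `ME`), natd modelled as a plain source-address rewrite keyed by divert port (`NAT_INSTANCES`), a simplified global port that only rewrites sessions an instance has already created, and the constructed client and spoofed packets.

```python
"""Added example (not the poster's code): a tracer for the ipfw ruleset posted
above.  Only the actions and options that ruleset uses are implemented, and natd
is modelled as a source-address rewrite, so the divert/skipto flow can be
followed offline without a FreeBSD box."""
import ipaddress
# Assumed addresses of router2 itself ("me"): both NAT alias addresses plus a LAN
# address on the client network.  Constructed for this example.
ME = {"192.168.102.62", "195.16.87.38", "192.168.10.1"}
# Divert port -> alias address ("natd" is the default natd port, 8669 the "other"
# instance).  The globalport, 9000, only rewrites sessions already created (assumption).
NAT_INSTANCES = {"natd": "192.168.102.62", "8669": "195.16.87.38"}
RULESET = """\
add skipto 20000 ip from any to 192.168.102.62 in via ste0
add skipto 30000 ip from any to 195.16.87.38 in via ste0
add divert 9000 ip from any to any out via ste0
add skipto 40000 ip from { 192.168.102.62 or 195.16.87.38 } to any out via ste0
add prob .5 skipto 20000 ip from any to any out via ste0
add skipto 30000 ip from any to any out via ste0
add skipto 40000 ip from any to any
add 20000 divert natd ip from any to any
add skipto 40000 ip from any to any
add 30000 divert 8669 ip from any to any
add skipto 40000 ip from any to any
add 40000 check-state
add deny ip from 192.168.10.0/24 to any via ste0
add allow ip from me to me via lo0 keep-state
add deny ip from me to any in
add allow ip from 195.16.87.38 to { me or 195.16.87.32/29 or 192.168.102.0/24 or 192.168.10.0/24 } keep-state
add forward 195.16.87.33 ip from 195.16.87.38 to any keep-state
add allow ip from me to any keep-state
add deny ip from me to any
add allow icmp from any to me icmptypes 3,4,8,11 keep-state
add deny ip from any to me
add allow ip from 192.168.10.0/24 to any keep-state
add deny ip from 192.168.10.0/24 to any
add allow icmp from any to 192.168.10.0/24 icmptypes 3,4,11 keep-state
add deny ip from any to 192.168.10.0/24
"""
def parse_rule(line, last_num):
    """Parse one 'add' line; unnumbered rules get last+100 as ipfw does."""
    t, i, num, prob, arg = line.split(), 1, last_num + 100, None, None
    if t[i].isdigit():
        num, i = int(t[i]), i + 1
    if t[i] == "prob":
        prob, i = float(t[i + 1]), i + 2
    action, i = t[i], i + 1
    if action in ("skipto", "divert", "forward"):
        arg, i = t[i], i + 1
    r = {"num": num, "prob": prob, "action": action, "arg": arg, "proto": "ip",
         "src": ["any"], "dst": ["any"]}
    if action != "check-state":
        r["proto"], i = t[i], i + 1
        for side in ("src", "dst"):      # 'from X to Y'; X or Y may be '{ a or b }'
            i += 1                       # skip the 'from' / 'to' keyword
            j = t.index("}", i) if t[i] == "{" else i
            r[side], i = [x for x in t[i:j + 1] if x not in ("{", "}", "or")], j + 1
    while i < len(t):                    # trailing options
        if t[i] in ("via", "icmptypes"):
            r[t[i]], i = t[i + 1], i + 2
        else:                            # in, out or keep-state
            r["dir" if t[i] in ("in", "out") else t[i]], i = t[i], i + 1
    return r
def parse_ruleset(text):
    rules = []
    for line in [l for l in text.splitlines() if l.startswith("add")]:
        rules.append(parse_rule(line, rules[-1]["num"] if rules else 0))
    return rules
def addr_matches(specs, addr):
    ip = ipaddress.ip_address(addr)
    return any(s == "any" or (s == "me" and addr in ME) or (s not in ("any", "me")
               and ip in ipaddress.ip_network(s, strict=False)) for s in specs)
def matches(r, p):
    return (r["proto"] in ("ip", p["proto"]) and r.get("dir", p["dir"]) == p["dir"]
            and r.get("via", p["iface"]) == p["iface"]
            and ("icmptypes" not in r or str(p.get("icmptype")) in r["icmptypes"].split(","))
            and addr_matches(r["src"], p["src"]) and addr_matches(r["dst"], p["dst"]))
def trace(rules, packet, draw, state, nat):
    """Walk one packet through the rules.  'draw' is the [0,1) value a 'prob' rule
    compares against (use random.random() for real runs); 'state' (dynamic rules)
    and 'nat' (natd sessions) are dicts the caller keeps between packets."""
    p, path, i = dict(packet), [], 0
    while i < len(rules):
        r = rules[i]
        if not matches(r, p) or (r["prob"] is not None and draw >= r["prob"]):
            i += 1
            continue
        path.append(r["num"])
        if r["action"] == "skipto":
            i = next(j for j, x in enumerate(rules) if x["num"] >= int(r["arg"]))
        elif r["action"] == "divert":
            # natd aliases an outbound packet's source and re-injects it at the
            # next rule; the global port only rewrites sessions already known.
            if r["arg"] in NAT_INSTANCES and p["dir"] == "out":
                nat[(p["src"], p["dst"])] = NAT_INSTANCES[r["arg"]]
            p["src"], i = nat.get((p["src"], p["dst"]), p["src"]), i + 1
        elif r["action"] == "check-state" and (p["proto"], p["src"], p["dst"]) not in state:
            i += 1
        else:
            key = (p["proto"], p["src"], p["dst"])
            if r["action"] == "check-state":   # dynamic rule keeps its parent's action
                r = state[key]
                path.append(r["num"])
            elif r.get("keep-state"):
                state[key] = state[(p["proto"], p["dst"], p["src"])] = r
            return {"action": r["action"], "src": p["src"], "path": path,
                    "next_hop": r["arg"] if r["action"] == "forward" else None}
    return {"action": "deny", "src": p["src"], "path": path, "next_hop": None}
```

Call `trace(parse_ruleset(RULESET), packet, draw, state, nat)` with a packet dict such as `{"proto": "tcp", "src": "192.168.10.5", "dst": "203.0.113.9", "dir": "out", "iface": "ste0"}`. With `draw` below .5 the packet is aliased by the default natd instance and leaves by the plain `allow` rule; with `draw` at or above .5 it is aliased to 195.16.87.38 and hits the `forward 195.16.87.33` rule, which is the source-based routing the post describes. Re-tracing the same session with the `state` and `nat` dicts kept shows it staying on the link it was first assigned, and an inbound packet on ste0 with a 192.168.10.0/24 source is stopped by the anti-spoofing deny right after `check-state`.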