On Wed, Feb 28, 2001 at 08:34:31PM -0000, OpenBSD-misc wrote:
>for my network (about 500 hosts) and inbound port forwarding
>("rdr") for about 40 machines. With both functions on the same
>box, and with clients pointing to the internal NIC of the NAT
>machine as their default gateway, there is no problem. But I'd
>like to separate the inbound redirector service from the
>outbound NAT service over two machines. Has anyone done this
>before? The intention is to avoid over-enthusiastic NAT users
>affecting the inbound services, and to provide some level of
>fault-tolerance. (If one box died, I'd just load the extra
>rules onto the other, fix a little routing and carry on.)
I would divide the machines in two groups.
500 clients use NAT1
40 servers use NAT2
or
500 clients + 35 servers use NAT1
5 critical servers use NAT2
or
...
The failover could work like so. Put four NICs in each box and
have the exact same setup. If one fails you just move the
Ethernet cables and all is well again. I am pretty certain even
the local tape monkey can learn how to move the cables.