Hi,

I have a multi-homed OBSD box acting as a firewall/gateway for a
number of LANs and DMZs behind it.

This box has a dual internet connection via xDSL routers, each one
connected to a single "rl" ethernet interface. The box is natting and
load balancing on both DSL lines.


        |       |
        |       |
    +---------------+
    |   Firewall    |
    +-+-----+-----+-+
      |     |     |
     LAN  DMZ1  DMZ2


I would like to connect the 2 DSL lines to a single interface on the
firewall (and thus be able to load-balance on an unlimited number
of external lines) like this:

 a.b.c.d x.y.w.z e.f.g.h
    |       |       |
          <...>
    |       |       |
 .2 \     .3|     .z/   <--- Private IP net 10.x.y.z
     \      |      /
      \     |     /
    +--+----+----+--+
    |  HUB/SWITCH   |
    +-------+-------+
            |
            | 10.x.y.1
    +-------+-------+
    |    OpenBSD    |
    +--+----+-----+-+
       |    |     |
      LAN  DMZ1  DMZ2

The catch is that the OBSD box must "NAT" each outgoing connection
with its own valid IP address (that is: based on the "gateway" and
not based on the interface). Sure: I can enable NAT on the DSL routers
but I would like to have more control over which "inside" address gets
mapped to which external address. For example Server1 from DMZ1 must
go out as IP a.b.c.3 when using DSL1 and x.y.w.11 when using DSL2,
while Server2 must have a.b.c.4 and x.y.w.12. On the other hand, LAN
must be squashed to a few addresses only. Most cheapo DSL routers will
not allow me this.

Any hints on the syntax to write the "nat" and "route-to" rules?
Is it at all possible or do I really need a single interface for each
router?

Thank you,
Max.