Bridging mode with traffic redirection?

  • Hi there,

    I support a network for a number of companies hosted on one site.  They all share the same 2 Mbit leased line for the internet, so as you can imagine it gets quite congested.

    The current setup looks something like this: (IP addresses changed to protect the innocent :D)

    This setup is pretty set in stone (for now at least), so I can't make any real changes to anything on the diagram without a LOT of hassle.

    What I want to do is this:

    Drop a pfSense box in bridging mode (so it's effectively transparent to the existing network) and then enable redirection of HTTP, HTTPS, FTP, and some other traffic (outbound requests) over the ADSL line.  In addition I want to add traffic shaping to prioritise H.323 traffic, but I will deal with that later.

    This would offload a large bulk of the traffic on the leased line and leave it clear for VPN, Video Conferencing, and web server traffic.

    So the real questions: How do I do this? Will pfSense do this? If not, what will?

    I have already sorted the pfSense box, and dropped it in using bridging mode.  I have tried using gateway redirection for all HTTP traffic but it doesn't seem to be working, so I'm obviously missing something (NAT maybe?)

    Can anyone help?

    I am currently using the beta of V2 but if this can be done with the more stable 1.2.3 then that would be ideal.

  • Just a thought, if this is impossible / impractical, how would you solve the problem given the requirements:

    • Require as little change to existing systems

    • Take all HTTP outbound requests and send them over the ADSL

    • QoS all traffic going to the leased line, prioritising all traffic to/from one of the IPs (say 22.1) for video conferencing

  • I don't think your plan to redirect traffic with a transparent bridge will work.

    How I would solve it:
    Use a pfSense instead of the Cisco.
    Put the Cisco in front of the pfSense.
    This way you have to do no configuration on the network and only have to make changes on the routers.
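    For reference, this is what the requested split looks like as pf rules once the pfSense box is the layer-3 hop (the design suggested above) rather than a transparent bridge. It is an added example, not configuration from this thread or from the pfSense project; interface names, the ADSL gateway address and the LAN subnet are assumed placeholders, and the syntax is the pre-4.7 pf dialect that pfSense 1.2.3/2.0 used.

    ```pf
    # --- assumed macros (placeholders, not from the thread) ---
    lan_if   = "em0"          # towards the site LAN
    lease_if = "em1"          # towards the Cisco / 2 Mbit leased line (default route)
    adsl_if  = "em2"          # towards the ADSL router
    adsl_gw  = "192.0.2.1"    # ADSL router's LAN-side address (placeholder)
    lan_net  = "10.0.0.0/24"  # site subnet (placeholder)
    web_ports = "{ 80, 443, 21 }"   # HTTP, HTTPS, FTP control channel

    # Outbound NAT on the ADSL side: replies must come back through the ADSL
    # interface, which is the part a plain gateway rule does not give you.
    nat on $adsl_if from $lan_net to any -> ($adsl_if)

    # Policy routing: web and FTP requests from the LAN leave via the ADSL
    # gateway instead of the default route.  "quick" stops rule evaluation here.
    pass in quick on $lan_if route-to ($adsl_if $adsl_gw) inet proto tcp \
        from $lan_net to any port $web_ports keep state

    # Everything else (VPN, H.323, traffic to the web server) keeps the
    # default route over the leased line.
    pass in on $lan_if inet from $lan_net to any keep state
    ```

    Active-mode FTP data connections will not follow this rule on their own; they need a helper such as ftp-proxy on the ADSL path, or the clients have to use passive mode.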
