Netgate Discussion Forum

    Custom NAT?

      Numbski

      I've got a work problem here that I'm trying to deal with.  It isn't a pfSense issue per se, but I figured I'd toss it out there for others to ponder.

      I have a Java programmer that is writing a client/server application.  He is opening a TCP socket and sending commands down that socket.  He would like to load balance that application, and in fact has a load balancer that is very nice; it can go so far as to tear apart packets, look for identifiers and then send it along its way to the server farm.

      The problem is that the balancer can only listen on a finite number of ports, and this game engine of his eats up 2 TCP ports for each instantiation.  This has left me in a bind, as the coders have decided that they would like to get it to always have the balancer listening on 80/443, and at some point move to HTTP request encapsulation (for use with HTTP proxy servers), but then it leaves me in a bit of a routing/NAT conundrum.  The programmer doesn't deal with individual packets, just sockets.  I'm trying to find a way to identify and redirect traffic off a single port to multiple ports on a per-packet basis, each with a unique identifier.  My first response would normally be "pick another port", but I can't do that in this case.  The balancer manufacturer has essentially stated that if we can provide an identifier, it can work the rest of the NAT magic.  The coder is using Lingo as his language on the client side, and Java on the server side.

      What a mess. :P  Anyone ever have this issue before?  The first thought that hit me was mangle rules, but that still doesn't do it.  He has to know how to embed an id on a per-packet basis, right?
