Custom NAT?



  • I've got a work problem here that I'm trying to deal with.  It isn't a pfSense issue per se, but I'm figured I'd toss is out there for others to ponder.

    I have a java programmer that is writing a client/server application.  He is opening a TCP socket and sending commands down that socket.  He would like to load balance that application, and in fact has a load balancer that is very nice, it can go so far as to tear apart packets, look for identifiers and then send it along it's way to the server farm.

    The problem is that the balancer can only listen on a finite number of ports, and this game engine of his eats up 2 TCP ports for each instantiation.  This has left me in a bind, as the coders have decided that they would like to get it to always have the balancer listening on 80/443, and at some point move to HTTP request encapsulation (for use with HTTP proxy servers), but then it leaves me in a bit of a routing/NAT conundrum.  The programmer doesn't deal with individual packets, just sockets.  I'm trying to find a way to identify and redirect traffic off a single port to multiple ports on a per-packet basis, each with a unique identifier.  My first response would normally be "pick another port", but I can't do that in this case.  The balancer manufacturer has essentially stated that if we can provide an identifier, it can work the rest of the NAT magic.  The coder is using lingo has his language on the client side, and java on the server side.

    What a mess. :P  Anyone ever have this issue before?  The first thought that hit me was mangle rules, but that still doesn't do it.  He has to know how to embed an id on a per-packet basis, right?


Locked