[TriLUG] Dual-homed Internet?

Ryan Leathers rleathers at americanri.com
Fri Oct 22 10:13:01 EDT 2010


  I've posted to this list on this topic before.  In contrast to the 
more elaborate designs I've encouraged in the past, these days I guess I 
tend to encourage simplicity.

You can do what you are after using IPTABLES. You just need to do some 
mangling in the PREROUTING chain.  There are lots of examples of this 
all over the web.

My personal preference is to have a router sitting outside the firewall 
rather than doing it all in one place. Perhaps that is because years of 
Cisco experience conditioned me to add a new device for every 
networking function, as some of my co-workers assert.  I prefer to use 
floating static routes on the router to handle fail-over there between 
the two upstream services.  By allowing the firewall to inspect for 
destination or protocol match, you can set the next hop address to be 
the interface you prefer. In this way you get rule-based preference 
based on packet inspection but automatic fail-over based on service 
availability.



On 10/22/2010 9:26 AM, Paul Bennett wrote:
> Hi,
>
> Any tips, tricks, suggestions, or gotchas regarding dual-homed setup?
>
> At home, my wife and I currently run two DSL lines. For some time, 
> I've been meaning to install a smart load-balancer to effectively 
> share both lines between both our PCs. It's never been a priority 
> because, well, DSL's DSL, and 2 * DSL / 2 == DSL.
>
> However, because she works from home, we're going to be replacing one 
> of the DSL lines with a T1, in order to get stability, guaranteed 
> ping, and guaranteed uptime.
>
> Therefore, setting up something clever has become a bigger priority. I 
> want to get set up so that ping-sensitive traffic goes to the T1 line, 
> and bandwidth-hungry traffic goes to the DSL line, among other things. 
> Also, since we'll have several static external IPs, I'm thinking some 
> 1:1 NAT would be good for our SIP devices and a web server.
>
> I'm thinking a severely-hardened Gentoo box running Shorewall, with 
> Webmin, Nagios & MRTG, on a low-end Core2 Duo with 4GB of RAM and a 
> 10Krpm hard drive and/or cheap SSD.
>
> Anything I should know (especially about Shorewall) before I start RTFM?
>
>
>
> Thanks,
>
>
>
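
The PREROUTING mangling mentioned in the reply above, as an added example that is not part of the original thread: LAN traffic is marked by protocol and port, and policy routing picks the uplink from the mark. Interface names, gateway addresses, mark values and the port choices are assumptions made up for illustration; fail-over is left to the outside router as the reply describes.

```shell
#!/bin/sh
# Constructed values for illustration (none come from the original thread).
LAN_IF=eth0
T1_IF=eth1;  T1_GW=192.0.2.1;     T1_MARK=1   # low-latency uplink
DSL_IF=eth2; DSL_GW=198.51.100.1; DSL_MARK=2  # bulk uplink

# mark_rule PROTO DPORT MARK
# Print one mangle/PREROUTING rule that tags LAN traffic to DPORT with MARK.
mark_rule() {
    printf 'iptables -t mangle -A PREROUTING -i %s -p %s --dport %s -j MARK --set-mark %s\n' \
        "$LAN_IF" "$1" "$2" "$3"
}

gen_policy() {
    # Reuse the mark stored on an existing connection so every packet of a
    # flow leaves by the same uplink, and skip re-classification for it.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m mark ! --mark 0 -j ACCEPT"

    mark_rule udp 5060 "$T1_MARK"    # SIP signalling: latency-sensitive
    mark_rule tcp 22   "$T1_MARK"    # interactive SSH
    mark_rule tcp 80   "$DSL_MARK"   # web: bandwidth-hungry
    mark_rule tcp 443  "$DSL_MARK"

    # Remember the decision for the rest of the connection.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j CONNMARK --save-mark"

    # One routing table per uplink, selected by the packet mark. Unmarked
    # traffic keeps using the main table's default route.
    echo "ip route replace default via $T1_GW dev $T1_IF table $T1_MARK"
    echo "ip route replace default via $DSL_GW dev $DSL_IF table $DSL_MARK"
    echo "ip rule add fwmark $T1_MARK lookup $T1_MARK"
    echo "ip rule add fwmark $DSL_MARK lookup $DSL_MARK"

    # Source-NAT on each uplink so replies return by the line the flow left on.
    echo "iptables -t nat -A POSTROUTING -o $T1_IF -j MASQUERADE"
    echo "iptables -t nat -A POSTROUTING -o $DSL_IF -j MASQUERADE"
}

# Dry run: print the commands for review. To apply, pipe the output to sh as root.
gen_policy
```

The mangle rules match only on the LAN interface so that reply packets arriving from an uplink are never marked and routed back out again.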



