[TriLUG] Dual-homed Internet?
Jonathan Woodbury
jpwoodbu at mybox.org
Fri Oct 22 16:07:23 EDT 2010
I've had great success using Debian with the base toolset (iptables, tc, ip,
bash) on slow/cheap hardware to make very nice firewall and routing devices
for small to medium business sized work loads. It's been very rewarding
from the perspective of getting closer to the tools that really do the
work. And I'd recommend browsing the http://lartc.org/ site for decent
guides on how to build a multi-homed setup like what you've described.
But if you're looking for something a little more user-friendly then I would
suggest investigating http://www.vyatta.com/ and their free Linux
distribution based on Debian. I should warn you that I've not actually used
it, but their feature set is impressive and I'd love for you to write back
and give us a review! :)
Jonathan
aka. The asserting co-worker of Ryan Leathers :)
On Fri, Oct 22, 2010 at 10:13 AM, Ryan Leathers <rleathers at americanri.com> wrote:
> I've posted to this list on this topic before. In contrast to the more
> elaborate designs I've encouraged in the past, these days I guess I tend to
> encourage simplicity.
>
> You can do what you are after using IPTABLES. You just need to do some
> mangling in the PREROUTING chain. There are lots of examples of this all
> over the web.
>
> My personal preference is to have a router sitting outside the firewall
> rather than doing it all in one place. Perhaps that is because years of
> Cisco experience conditioned me to add a new device for every networking
> function, as some of my co-workers assert. I prefer to use floating static
> routes on the router to handle fail-over there between the two upstream
> services. By allowing the firewall to inspect for destination or protocol
> match, you can set the next hop address to be the interface you prefer. In
> this way you get rule-based preference based on packet inspection but
> automatic fail-over based on service availability.
>
> On 10/22/2010 9:26 AM, Paul Bennett wrote:
>
>> Hi,
>>
>> Any tips, tricks, suggestions, or gotchas regarding dual-homed setup?
>>
>> At home, my wife and I currently run two DSL lines. For some time, I've
>> been meaning to install a smart load-balancer to effectively share both
>> lines between both our PCs. It's never been a priority because, well, DSL's
>> DSL, and 2 * DSL / 2 == DSL.
>>
>> However, because she works from home, we're going to be replacing one of
>> the DSL lines with a T1, in order to get stability, guaranteed ping, and
>> guaranteed uptime.
>>
>> Therefore, setting up something clever has become a bigger priority. I
>> want to get set up so that ping-sensitive traffic goes to the T1 line, and
>> bandwidth-hungry traffic goes to the DSL line, among other things. Also,
>> since we'll have several static external IPs, I'm thinking some 1:1 NAT
>> would be good for our SIP devices and a web server.
>>
>> I'm thinking a severely-hardened Gentoo box running Shorewall, with
>> Webmin, Nagios & MRTG, on a low-end Core2 Duo with 4GB of RAM and a 10Krpm
>> hard drive and/or cheap SSD.
>>
>> Anything I should know (especially about Shorewall) before I start RTFM?
>>
>> Thanks,
>>
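As an added illustration of the approach the thread converges on (mark packets in the mangle PREROUTING chain, let iproute2 policy rules pick the uplink, and pin 1:1 NAT hosts to the static-IP line), here is a small dual-WAN rule builder. It is not code from any of the posters; the interface names, addresses (documentation ranges), table ids, fwmarks and the RTP port range are all constructed assumptions. Without RUN=1 it only prints the commands, so the rule set can be reviewed before it is applied on a box.

```shell
#!/bin/sh
# Dual-WAN policy routing with iptables + iproute2 (constructed example).
# Assumed topology, all addresses from documentation ranges:
#   eth0 = LAN         192.168.1.0/24
#   eth1 = T1 uplink   203.0.113.10/29, gateway 203.0.113.9
#   eth2 = DSL uplink  198.51.100.10/29, gateway 198.51.100.9
# Without RUN=1 each command is echoed instead of executed.

LAN_IF=eth0;  LAN_NET=192.168.1.0/24
T1_IF=eth1;   T1_NET=203.0.113.8/29;  T1_IP=203.0.113.10;   T1_GW=203.0.113.9
DSL_IF=eth2;  DSL_NET=198.51.100.8/29; DSL_IP=198.51.100.10; DSL_GW=198.51.100.9
T1_TABLE=100; DSL_TABLE=200      # private routing table ids (assumed unused)
T1_MARK=0x1;  DSL_MARK=0x2       # fwmarks set in mangle/PREROUTING
RTP_PORTS=10000:20000            # assumed RTP range of the SIP phones

run() { if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

setup_routing_tables() {
    # One table per uplink; the fwmark (or the source of a reply) selects it.
    run ip route add "$T1_NET"  dev "$T1_IF"  src "$T1_IP"  table "$T1_TABLE"
    run ip route add "$DSL_NET" dev "$DSL_IF" src "$DSL_IP" table "$DSL_TABLE"
    run ip route add default via "$T1_GW"  dev "$T1_IF"  table "$T1_TABLE"
    run ip route add default via "$DSL_GW" dev "$DSL_IF" table "$DSL_TABLE"
    # The LAN must be present in each table too, or routed replies never return.
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$T1_TABLE"
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$DSL_TABLE"
    run ip rule add fwmark "$T1_MARK"  table "$T1_TABLE"
    run ip rule add fwmark "$DSL_MARK" table "$DSL_TABLE"
    # Traffic sourced from an uplink address leaves by that same uplink.
    run ip rule add from "$T1_IP"  table "$T1_TABLE"
    run ip rule add from "$DSL_IP" table "$DSL_TABLE"
    run ip route flush cache
}

mark_traffic() {
    # CONNMARK keeps every packet of a flow on the uplink its first packet chose;
    # moving a TCP session between two public addresses would reset it.
    run iptables -t mangle -N CLASSIFY
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark ! --mark 0 -j ACCEPT
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CLASSIFY
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -m mark --mark 0 -j MARK --set-mark "$DSL_MARK"
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --save-mark
    # Latency-sensitive flows are marked for the T1; anything unmatched fell
    # through to the DSL catch-all above (bulk traffic included).
    run iptables -t mangle -A CLASSIFY -p udp --dport 5060 -j MARK --set-mark "$T1_MARK"
    run iptables -t mangle -A CLASSIFY -p udp --dport "$RTP_PORTS" -j MARK --set-mark "$T1_MARK"
    run iptables -t mangle -A CLASSIFY -p udp --dport 53 -j MARK --set-mark "$T1_MARK"
    run iptables -t mangle -A CLASSIFY -p icmp -j MARK --set-mark "$T1_MARK"
    run iptables -t mangle -A CLASSIFY -p tcp --dport 22 -j MARK --set-mark "$T1_MARK"
    # Source NAT follows whichever uplink the packet was routed out of.
    run iptables -t nat -A POSTROUTING -o "$T1_IF"  -j SNAT --to-source "$T1_IP"
    run iptables -t nat -A POSTROUTING -o "$DSL_IF" -j SNAT --to-source "$DSL_IP"
}

# 1:1 NAT: a spare public address on the T1 block maps to one internal host.
# $1 = public address, $2 = internal address
one_to_one_nat() {
    run ip addr add "$1/32" dev "$T1_IF"
    run iptables -t nat -I PREROUTING -d "$1" -j DNAT --to-destination "$2"
    run iptables -t nat -I POSTROUTING -s "$2" -o "$T1_IF" -j SNAT --to-source "$1"
    # Pin the host's own outbound flows to the T1 so its SNAT address is routable.
    run iptables -t mangle -I CLASSIFY -s "$2" -j MARK --set-mark "$T1_MARK"
}

build_ruleset() {
    setup_routing_tables
    mark_traffic
    one_to_one_nat 203.0.113.11 192.168.1.80   # constructed: web server
    one_to_one_nat 203.0.113.12 192.168.1.81   # constructed: SIP gateway
}

build_ruleset
```

Fail-over is deliberately not in this script: the marks only express preference, and swapping the default route in a table when one uplink dies needs a separate reachability check (or, as Ryan describes, a router in front of the firewall doing it with floating statics).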