On Wed, Aug 15, 2001 at 04:24:39PM -0700, Christopher Maujean wrote:
>
> I want to rebuild my network to look something like:
>
> { internet {T1} } +---{ backup (failover) internet {1Mg IDSL} }
> | |
> { thing.premierelink.com firewall/Primary DNS]---{ internal office net }
> |
> +---------+ DMZ?
> | |
> [ Web ] <+
> [ Mail ]
> [ Secondary DNS ]
> [ Web2 ]
> [ Other servers ]
>
> I have all the hardware I need,
> What I am having trouble with is all of the networking stuff.
> I have 2 registered subnets for use as well:
> 216.36.9.0 on the IDSL
> 64.42.86.0 on the T1
>
>
> I'd like the T1 to handle most requests.
> If the T1 is down, I'd like the IDSL to take over.

Have you talked with anyone about this? Like your provider? Are the two lines
from the same provider? If not, there is no known way to do this. If it's the
same provider, they need to support BGP (Border Gateway Protocol). This allows
you to receive from one IP address and talk out the other, or vice versa. This
would occur when your default gateway is set to one IP. Talky comes in on the
2nd IP address, but talky goes out the default gateway, hence the primary IP
address. The result? No communication on the 2nd IP address without BGP.

The requests go where, www.premierlink.com? You'll probably want
www.premerielink.com to resolve to both IP addresses, i.e.:

$ nslookup google.com
Name: google.com
Addresses: 216.239.35.100, 216.239.39.100, 216.239.33.100

>
> The firewall box is a 700Mhz Athlon with 256 Meg of ram. 10gb disk.
>
> I have 4 10/100 cards I can use, but I am way over my head on the routing,
> firewalling, nat, and gateway.
>
> If I put debian on thing, what packages am I going to need, what kernel
> should I use, and what are the main config files I'll be playing with?
>
> Anyone? *eep*

Since you seem to not know about ipchains/iptables/others, I'd suggest
2.4.x kernel, iptables.
Look under the meeting minutes/iptables on euglug.org for a start there.

Packages:
  iptables
  kernel-source-2.4.5

First make sure to talk with your provider about failover IPs, etc.

Cory

>
> --
>
> Christopher Maujean
> IT Director
> Premierelink Communications
> www.premierelink.com
> [EMAIL PROTECTED]
>
> PLEASE encrypt all sensitive information using the following:
> GnuPG: 0x5DE74D38
> Fingerprint: 91D4 09FE 18D0 27C1 A857 0E45 F8A4 7858 5DE7 4D38
>
> http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x5DE74D38
>