OpenBSD's PF does indeed rock.

I find it significantly more straightforward than IPtables.

That having been said, this is a task that would look to require some 
interesting upkeep.

-sc

-----Original Message-----
From: Ben Scott [mailto:[email protected]] 
Sent: Wednesday, April 01, 2009 9:03 PM
To: NT System Admin Issues
Subject: Re: OT: Bandwidth Splitting?

On Wed, Apr 1, 2009 at 5:45 PM, Andy Ognenoff <[email protected]> wrote:
> The tricky part that I can't seem to figure out is that I need outbound 80
> and 443 for *some* sites over the Metro-E connection.  The goal would be to
> use the Metro-E connection for SaaS apps we subscribe to and then use the T1
> for things like Google, news sites, etc. all from the same workstation.

  You can do this in Linux with IPtables and policy routing and packet
marking.  Over the years our home-grown Linux firewall scripts have
evolved to do things like this and more.  Conceptually, it's easy: You
build a chain matching the destination sites, mark packets matching
that chain, and then create routing rules to route marked packets
differently.  Putting it all together is somewhat arcane, though.
It's not something I'd suggest if you don't have solid *nix
experience.

  I've heard *BSD and its pf (packet filter) suite are better at this,
but I've never tried it myself.

  There may be canned "firewall appliance" distributions that make
this easy by now.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
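
The approach Ben describes (a chain matching the destination sites, a mark on matching packets, and a routing rule for marked packets), sketched as an added example that is not part of the original thread. The interface names, gateway, destination addresses, chain name `SAAS`, mark value and table number are all constructed placeholders; the script only prints the commands so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Dry run: prints the commands instead of executing them.
# Every value below is a constructed placeholder, not taken from the thread.
LAN_IF="eth0"               # assumed LAN-facing interface
METRO_IF="eth2"             # assumed Metro-E interface
METRO_GW="198.51.100.1"     # assumed Metro-E next hop (documentation range)
MARK="0x1"                  # firewall mark carried by SaaS-bound packets
TABLE="100"                 # number of the alternate routing table

# gen_policy_routing DEST...  -> one command per line on stdout
gen_policy_routing() {
    # 1. A chain in the mangle table that marks web traffic to the SaaS sites.
    echo "iptables -t mangle -N SAAS"
    for dst in "$@"; do
        echo "iptables -t mangle -A SAAS -d $dst -p tcp -m multiport --dports 80,443 -j MARK --set-mark $MARK"
    done
    # 2. Pass traffic arriving from the LAN through that chain before the
    #    routing decision is made.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -j SAAS"
    # 3. Marked packets consult a separate table whose default route is the
    #    Metro-E link; unmarked packets fall through to the main table (T1).
    echo "ip route add default via $METRO_GW dev $METRO_IF table $TABLE"
    echo "ip rule add fwmark $MARK table $TABLE"
}

# Constructed SaaS destinations (documentation address range).
gen_policy_routing 203.0.113.10 203.0.113.128/25
```

Destinations are given as addresses because iptables resolves a hostname only once, when the rule is inserted, so the list has to be maintained as the SaaS providers' addresses change. Depending on the setup, source NAT on the Metro-E interface and a relaxed `rp_filter` setting may also be needed for return traffic.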

