On Mon, Sep 24, 2012 at 05:55:42PM -0500, Brian Lucas wrote:
> We were thinking about maybe directing
> all UDP traffic to the 50M line and all TCP traffic to the 15M line
> but that isn't in stone yet.

You expect more UDP traffic than TCP then?

I would suggest using the 50M line as primary, and the 15M for failover. Otherwise, configure so that 1/4 of your users use the 15M line, and 3/4 of your users use the 50M line. (You really don't want to round-robin the same user between multiple links; it will cause you all sorts of grief as their public IP changes.)

> Is this even going to be possible with
> the equipment we have?

Depends on what you plan to use for your gateway router. If you have one LAN and want to direct some users down each WAN link, then your gateway will need to be able to route and NAT accordingly.

I'm pretty sure pfsense can do some sort of load-sharing between multiple WAN links; you just need a small PC with 3 or more NICs. Otherwise, you can try to do something with iptables maybe - but if you want automatic failover you'll need to script something which polls the upstream links and updates routes.

Also have a look if Vyatta can do this, then you could run it as a VM.

> We're thinking it's probably going to have to
> be out of band to allow the 2 modems to be hooked up to the two WAN
> ports on the router. In this scenario is pf going to be able to
> quarantine a user for bittorrent traffic or a bad virus scan?

Should be fine. If packetfence is inline then snort can happily sniff the traffic. If packetfence is out of line then you need a mirror port on a switch, linked to another ethernet port on the packetfence box.

DISCLAIMER: I am new to packetfence myself, and I know I don't fully understand it yet.

Regards,

Brian (another one)
_______________________________________________
PacketFence-users mailing list
https://lists.sourceforge.net/lists/listinfo/packetfence-users
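The per-user 3/4 and 1/4 split with failover suggested in the reply above, as an added example that is not part of the original post: each client address is hashed to one link so it never alternates between public IPs, and it moves only when its own link is down. The routing table names `wan50` and `wan15` are hypothetical, and the set of links currently up is assumed to come from whatever polls the upstream links.

```python
import hashlib
import ipaddress

# Assumed names: routing tables "wan50" and "wan15" are hypothetical and would
# have to exist in /etc/iproute2/rt_tables, each with its own default route.
LINKS = [("wan50", 3), ("wan15", 1)]  # (table, weight): 3/4 and 1/4 of users


def weighted_choice(client_ip, links):
    """Map an address to one of `links` in proportion to the weights."""
    # Hash the address so the choice depends only on the client, never on
    # connection order; the same user keeps the same link and public IP.
    packed = ipaddress.ip_address(client_ip).packed
    slot = int.from_bytes(hashlib.sha256(packed).digest()[:4], "big")
    slot %= sum(weight for _, weight in links)
    for name, weight in links:
        if slot < weight:
            return name
        slot -= weight


def pick_link(client_ip, up):
    """Return the routing table for client_ip given the set of links up."""
    primary = weighted_choice(client_ip, LINKS)
    if primary in up:
        return primary  # users on a healthy link are never moved
    live = [(name, weight) for name, weight in LINKS if name in up]
    if not live:
        raise RuntimeError("no upstream link is available")
    return weighted_choice(client_ip, live)  # failover for affected users only


def policy_rules(clients, up):
    """Build iproute2 policy-routing commands, one per client."""
    return [f"ip rule add from {ip}/32 lookup {pick_link(ip, up)}"
            for ip in clients]


if __name__ == "__main__":
    lan = [f"192.168.1.{n}" for n in range(10, 20)]  # constructed sample clients
    for line in policy_rules(lan, up={"wan50", "wan15"}):
        print(line)
```

Each table still needs its own default route and a matching source NAT rule on the corresponding WAN interface; the rules above only select the table.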
