I have, for the time being, decided to split my dual ISP/single shorewall connection into two shorewall connections/boxes, each handling one ISP.
I am running OSPF in the network and so far things are working out
fairly well (from a client of the two gateways).
$ ip route ls
10.33.66.2 via 10.75.22.199 dev eth0 proto zebra metric 20
192.168.200.1 via 10.75.22.254 dev eth0 proto zebra metric 20
192.168.0.0/24 proto zebra metric 20
	nexthop via 10.75.22.137 dev eth0 weight 1
	nexthop via 10.75.22.137 dev eth0 weight 1
10.75.22.0/24 dev eth0 proto kernel scope link src 10.75.22.1
10.75.23.0/24 via 10.75.22.199 dev eth0 proto zebra metric 20
72.38.184.0/23 via 10.75.22.199 dev eth0 proto zebra metric 20
169.254.0.0/16 via 10.75.22.254 dev eth0 proto zebra metric 20
default proto zebra metric 10
	nexthop via 10.75.22.199 dev eth0 weight 1
	nexthop via 10.75.22.254 dev eth0 weight 1
I would like/need to implement some policy routing though, due to
brain-deadness and bandwidth tradeoffs between the two ISPs (one has
great policies, no port blocking or traffic shaping, etc. but is lower in
bandwidth and the other is draconian but has great bandwidth).
I'd rather not implement the policy on each client in the network
though.
It seems to me that I could implement the policy using "ip rule" and "ip
route" on the two shorewall gateways and have them a) move the traffic
for the other's ISP between them and b) send redirects to the clients as
needed.
Certainly this is doable manually, but since shorewall does ip
r{oute,ule} manipulations, I wondered if there was any facility to do
this?
It seems it's a bit of a perversion of providers, but would it be much
of a perversion? Would it be as simple as pointing to the other gateway's
internal address as the 2nd provider, as if it were the IP of the other
provider?
Thots?
b.
--
My other computer is your Microsoft Windows server.
Brian J. Murrell
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
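The manual "ip rule"/"ip route" approach described in the message above, as an added example that is not part of the original post or of Shorewall: written for the gateway at 10.75.22.199, it prints (or, with DRY_RUN=0, applies) the commands that hand selected traffic to the other gateway. The gateway addresses, interface and internal networks come from the route listing; the table number, rule priorities and the policy source 10.75.22.50 are assumptions.

```shell
#!/bin/sh
# Added example: policy routing on one gateway that forwards selected
# sources to the peer gateway. DRY_RUN=1 (default) only prints commands.
PEER_GW=10.75.22.254                      # other gateway, from the route listing
LAN_DEV=eth0                              # internal interface, from the route listing
LOCAL_NETS="10.75.22.0/24 10.75.23.0/24"  # internal networks, from the route listing
TABLE=200                                 # assumption: unused routing table number
POLICY_SRCS="10.75.22.50/32"              # constructed: hosts that must use the other ISP

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

valid_cidr() {   # accept a.b.c.d/len with octets 0-255 and len 0-32
    echo "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

rule() {   # delete-then-add so reruns do not stack duplicate rules
    run ip rule del "$@" 2>/dev/null || true
    run ip rule add "$@"
}

policy_commands() {
    # The private table holds only a default route via the peer gateway.
    run ip route replace default via "$PEER_GW" dev "$LAN_DEV" table "$TABLE"
    # Internal destinations are matched first and stay on the main (OSPF) table,
    # otherwise policy sources would have their internal traffic sent to the peer.
    for net in $LOCAL_NETS; do
        rule to "$net" lookup main priority 900
    done
    for src in $POLICY_SRCS; do
        valid_cidr "$src" || { echo "skipping invalid source: $src" >&2; continue; }
        rule from "$src" lookup "$TABLE" priority 1000
    done
}

policy_commands
```

Review the printed commands before rerunning with DRY_RUN=0 as root on the gateway.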
