Hi all, I have a setup that seems (to me) a little complex. We have a server that is a firewall, web server, does NAT, dns, mail... you name it, this thing probably does it. It is running Shorewall 4.0.14 on Debian Etch.
We have an internet connection from TWC, 5mbit/768k and a full T1 from Nuvox. We have /29's from both and all addresses are being used on 2 separate NICs on this machine with the third for the local network. This machine is also running Squid in transparent proxy mode. eth0 is TWC, eth1 is local and eth2 is Nuvox. I have read the document @ http://www.shorewall.net/MultiISP.html I have Squid piping web traffic over the TWC link, and when I load up a page such as 'whatismyip' I see the address that I told Squid to use per the howto. The issues I am having specifically.... DNS is really slow (we run a local nameserver with internal and external views) and web browsing is slow. I believe that browsing being slow is a result of DNS being slow. DNS is slow on the network, or on the firewall machine itself. If I change the ordering of servers in resolv.conf it does not matter - it remains slow. (slow is taking 20-30 seconds for a reply/timeout) Now... if I yank the entries in /etc/shorewall/providers and restart it everything goes to normal. However, I don't know if this is really a good thing. What I am trying to accomplish is using the TWC link for web browsing, backup DNS, etc and the T1 for the few sites we run where upstream speed is a little more important. Does anyone have any ideas on what I should look at? Is it okay to leave it the way it is? Am I really just asking way too much of this one poor machine? Thanks! ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
