-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Christ Schlacta wrote:
> okay, so here's what I've been called upon to do:
> I have two ISPs and two separate LANs (we have a two-family household)
> 
> let's call them lan1 and lan2, and isp1 and isp2.
> 
> I've been asked if I could configure a router such that..
> all traffic from lan1 is sent through isp1 by default, and all traffic 
> from lan2 is sent through isp2.
> additionally, each LAN may have services (http, sftp, ssh, etc.)
> both lan1 and lan2 will be using site-local IP addresses (192.168 and 10).
> lan1 and lan2 should be able to communicate with each other without 
> complaint.
> if isp1 goes down, lan1 should be able to access the internet via isp2 
> only until isp1 returns, and vice versa.  (This should NOT apply to the 
> dedicated bit-torrent downloader, which should simply lose connection if 
> its ISP goes down).  (also, this rule shouldn't force existing 
> connections from lan1 to drop from isp2 when isp1 returns, it should 
> allow them to finish whatever they're doing (ssh sessions, long 
> downloads, etc.))

There's nothing there that Shorewall can't do:

a) Since you want to allow failover, you will want to:

        1) Set 'optional' on both external interfaces.
        2) Run lsm

b) Set up masq for both internal networks through both ISPs.
c) Use route_rules to direct each local subnet to its associated ISP.
d) Use port forwarding to handle incoming connections. You can specify
the interface in the SOURCE column (e.g., 'net:eth0').
e) I would just have three zones: net, fw and loc with both lans in
'loc' and both external nets in 'net'.

- -Tom
- --
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkrHu24ACgkQO/MAbZfjDLKCCQCffYMeN/u9il6Wcvpim8IPakQY
9qcAn3AYseFNYD05MFDFU1F8lSGznSTZ
=BMkh
-----END PGP SIGNATURE-----
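
Steps a) through e) of the reply above, laid out as the Shorewall files they touch. This is an added example, not part of the original message: the interface names eth1 to eth3, the /24 subnets, the gateway addresses (documentation ranges), and the forwarded hosts and ports are assumptions, and lsm's own configuration is not shown.

```conf
# /etc/shorewall/zones  -- step e: three zones
#ZONE   TYPE
fw      firewall
net     ipv4
loc     ipv4

# /etc/shorewall/interfaces  -- step a.1: 'optional' on both external interfaces
# Assumed layout: eth0 = isp1, eth1 = isp2, eth2 = lan1, eth3 = lan2
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      optional
net     eth1        detect      optional
loc     eth2        detect
loc     eth3        detect

# /etc/shorewall/providers  -- one routing table per ISP
# track:   replies to forwarded connections leave via the ISP they arrived on
# balance: each ISP also gets a default route in the main table, which a LAN
#          falls back to when its own provider is unavailable
# COPY:    keep the routes to both LANs in each provider table so that
#          lan1 <-> lan2 traffic is still routed locally
# Gateways are constructed placeholder addresses.
#NAME   NUMBER  MARK  DUPLICATE  INTERFACE  GATEWAY       OPTIONS        COPY
ISP1    1       1     main       eth0       192.0.2.1     track,balance  eth2,eth3
ISP2    2       2     main       eth1       198.51.100.1  track,balance  eth2,eth3

# /etc/shorewall/route_rules  -- step c: each subnet to its associated ISP
#SOURCE          DEST  PROVIDER  PRIORITY
192.168.1.0/24   -     ISP1      1000
10.0.0.0/24      -     ISP2      1000

# /etc/shorewall/masq  -- step b: both internal networks through both ISPs
#INTERFACE  SOURCE
eth0        192.168.1.0/24
eth0        10.0.0.0/24
eth1        192.168.1.0/24
eth1        10.0.0.0/24

# /etc/shorewall/rules  -- step d: port forwarding, pinned to one external
# interface via the SOURCE column (hosts and ports are constructed examples)
#ACTION  SOURCE    DEST               PROTO  DEST PORT(S)
DNAT     net:eth0  loc:192.168.1.10   tcp    22
DNAT     net:eth1  loc:10.0.0.10      tcp    80
```

Running `shorewall check` before `shorewall restart` validates the files without touching the running ruleset.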
