Anshuman Aggarwal wrote: >I have the following setup > > ISP1 ISP2 > | | >Shorewall Shorewall >Server 1 ------ Server 2 >10.0.0.1 10.0.0.2 > \ / > LAN > >I require the Server 1 and Server 2 to access the Internet via both >ISP1 and ISP2 ...
Do you want to load share, or just have failover ? If it would work to have each server use it's 'local' connection as a primary for all traffic, but fail over to the other connection in the event of a failure then I can see a way to make it work (dunno about Shorewall config though). On server 1, make the default route via ISP1, but provide a lower priority route to 0.0.0.0/0 via server 2. Similarly for server 2. While both connections are up, each server will use it's own connection - including routing traffic for internal machines*. If it's ISP connection is down**, then it will fall back to the lower priority route and send it's traffic via the other server which will route it out via the other connection. Of course, if both connections are down, the packets will ping-pong back and forth until they reach max TTL. * For 'load balancing' you will need to split your clients into two groups - half to use server1 as the default gateway, the other half to use server2. Or split them according to any other criteria you want. it might work to have routing policies on each server - but there's a complication. If a routing rule on server1 says to route via ISP2 (server2), then if ISP2 link is down, the packets will get punted back to server1 so you'd need your rules to cater for that and route such packets out instead of punting them back to server2. ** If it's not a connection type (eg PPP) where 'down' is obvious, then you'll need some means to monitor the connection and remove the default route when it's down. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
