On 10/13/05, Rajkumar S <[EMAIL PROTECTED]> wrote: > Create NAT-Rules for your WAN-POOL > > 1. visit firewall>NAT>Outbound > 2. enable advanced outbound nat > 3. check the automatically created rules. > 4. create rules for all your internal networks to map to OPT interfaces.. > (one rule for > each internal network to each opt-interface in the pool) > > I could not understand this? Which OPT interface? "each internal network" ? > I have only one.
This is mainly a confirmation that the source addresses for your internal network(s) will be presented to the internet correctly. If it looks right, don't do anything. > Policy based balancing > > 1. Edit a firewall rule on the LAN or Optional interfaces. > * NOTE! We do not recommend editing the default pass all rule! > Create a new > rule before the default rule for your policy. > 2. Set the gateway to the newly created pool > > Done!. > > It seems the loadbalancer is working. I am able to tcpdump the second gateway > and see some good :) > packets. But when I traceroute from the lan, all packets goes via the first > gateway. Also State tables. Wait a while try again. Eventually you'll get on the other side of your new 50-50 logic as to which link a new IP flow will go down. > can I specify the priority of each gateway. ie I have an 1mbps link and a > 256kbps, out of > 5 packets 4 must go through 1mbps link and one via 256 kbps. Also in the > wish list is to Not today. I think I have this locked out right now, but you can do ratio based load balancing...put the 1Mbit link in the gateway pool 4 times and the 256K link once - that would have the same effect. Again, I believe this isn't currently possible in the UI, if you're willing to test it, I'll open it up (I have a MUCH larger discrepency at home 8Mbit and 384Kbit, so I don't load balance, I send targeted traffic out each link). > specify one gateway for some ips. ie dns and smtp server for first isp should > always be > routed via first isp and vice versa. Policy based routing. Create a rule for each item you'd like to direct over a given link. Remember, we're a first match system, just place the more specific rules first in your list and it'll match. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
