Assuming you have two firewalls, one for each connection, then you can bring up a server box with three network connections:

- Connection Out1 to the interior of firewall 1
- Connection Out2 to the interior of firewall 2
- Connection Int to your internal network

We'll call the server box "DMZ". You'll run a private network between the DMZ server and each of the firewall boxes, and then you'll run a third private network for your internal network. Set up the Linux Virtual Server on DMZ. The twist here is that you will be sort of setting it up in reverse. The virtual server can be set to use Round Robin in sending out the packets, and you can vary which protocol goes down which path. You can tweak it a bit so that a connection to an external resource continues to go out the same path, but that a new connection to a different resource goes out the other path.

I use the LVS a lot at HAHT, but only for incoming load-balancing / High-availability. Another nice feature of the LVS is that you can weight connections, and change the weight of the connections on the fly, so if one resource gets overloaded, you can adjust the weight so that the majority of your new requests go out the least used path.

That LVS is some hot s**tuff

Jon

===

On Friday 15 February 2002 12:34 am, Tanner Lovelace wrote:
> Greetings,
>
> I temporarily have an interesting problem that perhaps someone here
> can help me out with. I have a computer connected to the internet
> with both DSL and cable (both static IPs) and I want connections
> that come in on one interface to be able to go out on that interface.
> I read the advanced routing howto and figured out how to use
> iproute2 (the ip command) to set up different routing tables based
> on various attributes (i.e. policy routing). Unfortunately, this
> doesn't seem to help me very much. Basically, what seems to happen
> is that linux always originates IP packets from one of my two addresses
> and when it sends it out the default route, whichever address is
> not from the default route (i.e. the cable address going out the DSL
> interface) doesn't work very well. :-) I think what I need is
> to set up IP masquerading so that it can keep state of the connections
> and send the correct connections out the correct address (changing
> the originating IP as needed). Oh, and I need to do this under
> 2.2.19, so IPtables is out. :-( I pretty much understand how
> IPtables work, but IPchains, which I must use since I'm under
> a 2.2.x kernel, just confuses me. Can anyone give me any suggestions
> for how to accomplish this? (And, please, no suggestions that I
> upgrade to 2.4. This is an internet server with the openwall
> security patches, which aren't available for 2.4 yet [yes,
> I know about the other set of patches, but I would prefer to have
> them tested first].)
>
> Thanks very much in advance,
> Tanner
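
The policy routing mentioned in the question (one routing table per uplink, selected by source address), sketched as an added example that is not part of either message. Interface names, table numbers and all addresses are assumptions, with addresses taken from the RFC 5737 documentation ranges; the script only prints the iproute2 commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: source-address policy routing for a host with two uplinks.
# Goal: a packet sourced from an uplink's address leaves by that uplink,
# so replies to inbound connections do not exit through the other provider.
# All values below are constructed placeholders, not taken from the thread.

# uplink_rules TABLE IFACE ADDR NET GATEWAY
# Prints the commands that give one uplink its own routing table and
# a rule sending traffic sourced from ADDR to that table.
uplink_rules() {
    table=$1
    iface=$2
    addr=$3
    net=$4
    gw=$5
    # On-link network for this uplink, inside its private table
    echo "ip route add $net dev $iface src $addr table $table"
    # Default route of this table points at this uplink's gateway only
    echo "ip route add default via $gw dev $iface table $table"
    # Select the table by source address
    echo "ip rule add from $addr table $table"
}

# split_access: both uplinks plus the fallback default in the main table,
# which is used by locally originated traffic that has no source bound yet.
split_access() {
    uplink_rules 101 eth0 192.0.2.10 192.0.2.0/24 192.0.2.1          # "DSL"
    uplink_rules 102 eth1 198.51.100.10 198.51.100.0/24 198.51.100.1 # "cable"
    echo "ip route add default via 192.0.2.1 dev eth0"
    # Drop cached routing decisions so the new rules take effect
    echo "ip route flush cache"
}

# Dry run by default; APPLY=1 (as root) executes the printed commands.
if [ "${APPLY:-0}" = "1" ]; then
    split_access | sh -e
else
    split_access
fi
```

After applying, `ip rule show` and `ip route show table 101` list what was installed.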
