What if one of our incoming connections' IP was DHCP-assigned?

warmest regards,
Chris Yarger
web: http://YargerDesigns.org
skype: cpyarger
msn: [email protected]
aim: patyarg
yahoo: christoyarg

( ) ASCII ribbon campaign
 X  against HTML e-mail
/ \

On Sun, Aug 16, 2009 at 10:25 PM, Rubin Bennett <[email protected]> wrote:
> On Sun, 2009-08-16 at 21:45 -0400, john bertelsen wrote:
>> Chris, I am also on the IPCop mailing list. This question has come up
>> on that list. Invariably folks say that IPCop is not designed to do
>> this and to try pfsense.
>>
>> I have been using IPCop as our home router for about two years now.
>> There is discussion about a version 2.0 coming out this fall. However,
>> I don't think load balancing is part of it. I potentially have a need
>> for load balancing at work so am starting to look into pfsense.
>>
>> John Bertelsen
>
> Chris -
>
> There are 2 parts to your question (and forgive me if I missed
> something, I looked at your diagram for a total of about 10 seconds).
>
> First part: Getting a linux box to perform outbound load balancing is
> fairly simple to accomplish; it's really a single command:
>
> ip route add default scope global nexthop via {first default router IP} \
> dev {ethx} weight 1 nexthop via {second default router IP} dev {ethx} \
> weight 1
>
> That command tells the system to add a dual default route for outbound
> traffic, and assumes that the 2 connections have identical speeds (i.e.
> both connections are weighted the same).
>
> Take the following example - suppose you have a 768k/3mb DSL connection
> with a default route of 10.0.1.1, and another Cable connection with
> 2mb/20mb (gateway of 24.48.1.1). The DSL is connected to eth0, and the
> Cable is on eth1
>
> WANIF1=eth0
> WANGW1=10.0.1.1
> WAN1Weight=3
>
> WANIF2=eth1
> WANGW2=24.48.1.1
> WAN2Weight=20
>
> ip route add default scope global nexthop via $WANGW1 dev $WANIF1 weight \
> $WAN1Weight nexthop via $WANGW2 dev $WANIF2 weight $WAN2Weight
>
> And done!
>
> I've done this many times and it works perfectly well as long as you're
> only dealing with traffic generated from *behind* your firewall
> (outbound)...
>
> The problem is that most of us have stuff that's coming IN to our
> networks as well (i.e. PAT) because we're running servers of some flavor
> behind our routers. Then, in addition to the above command, you're on
> the descent into hell known as Linux IP connection tracking, extra
> routing tables, packet tagging etc.. In other words, it's down the
> rabbit hole for you... LARTC is black arts, man...
>
> Full in and out-bound load balancing is something I've done with some
> success but it's a royal PIA to set up and get working, and is not
> easily 'splained in an email. However, once it's set up, it works most
> excellently!
>
> Rubin
>
> --
> Rubin Bennett
> rbTechnologies, LLC
> 80 Carleton Boulevard
> East Montpelier, VT 05651
>
> (802)223-4448
> http://thatitguy.com
>
> "Think for yourselves and let others enjoy the privilege to do so too."
> Voltaire, Essay on Tolerance
> French author, humanist, rationalist, & satirist (1694 - 1778)
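
An added example, not part of the original messages: a dry-run shell function that prints the weighted multipath default route from the quoted message together with one routing table per uplink, so that traffic sourced from an uplink's own address leaves through that uplink's gateway. It goes beyond the single command in the thread and does not cover connection tracking or packet tagging for forwarded (PAT) traffic. The function name multiwan_cmds, the table numbers 101 and up, and the local addresses and networks in the sample are assumptions.

```shell
#!/bin/sh
# Added example: print (do not execute) the ip(8) commands for N uplinks.
# Each argument is IFACE,LOCAL_IP,NETWORK,GATEWAY,WEIGHT (hypothetical format).
multiwan_cmds() {
    [ "$#" -ge 2 ] || { echo "need at least two uplinks" >&2; return 1; }
    table=100
    cmds=""
    hops=""
    for uplink in "$@"; do
        # Split the comma-separated spec into its five fields.
        IFS=, read -r ifc ip net gw weight <<EOF
$uplink
EOF
        # A missing field leaves weight empty; an extra field makes it
        # non-numeric. Either way the spec is rejected before any output.
        case "$weight" in
            ''|0|*[!0-9]*) echo "bad uplink spec: $uplink" >&2; return 1 ;;
        esac
        table=$((table + 1))
        # Per-uplink table: packets sourced from this uplink's address
        # use this uplink's gateway instead of the balanced default route.
        cmds="${cmds}ip route add $net dev $ifc src $ip table $table
ip route add default via $gw table $table
ip rule add from $ip table $table
"
        # One nexthop per uplink for the weighted default route.
        hops="$hops nexthop via $gw dev $ifc weight $weight"
    done
    printf '%sip route add default scope global%s\n' "$cmds" "$hops"
}

# Constructed sample: gateways and weights are the ones from the quoted
# example; the local addresses and networks are made up for illustration.
multiwan_cmds eth0,10.0.1.2,10.0.1.0/24,10.0.1.1,3 \
              eth1,24.48.1.2,24.48.1.0/24,24.48.1.1,20
```

Because the gateway and address are plain arguments, the same call can be repeated with new values when they change; review the printed commands before running them as root.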
