A long time ago I wrote the WANBalancer (with some help from a couple of the other rbTechies). WANBalancer is a FOSS package that does WAN failover and load balancing between 2 ISPs. It's hosted on SourceForge, and the tarball you can download includes a specfile so you can rpmbuild against it and install it on a RHEL-like Linux distro. We've updated and extended it over time to do things like allow internal hosts or subnets to prefer one ISP over the other (e.g. the accountant that uses a banking site that hates connection resets should always use ISP1 unless ISP1 is down). It also does weighting of the Internet connections (e.g. send 50% over each, or 80/20 or whatever configuration makes sense for you).
We routinely deploy it on a minimal, hardened CentOS, running on Logic Supply hardware. We then use FWBuilder to manage the actual NAT and firewall rules (Mmmm, GUI), and you can run an instance of wondershaper on each outward-facing interface for QoS (though remember that your ISP will cheerfully strip absolutely all tags off your outward bound packets).

The advantages are that you have a full-featured Linux router, so you can do things like wireshark, tcpdump etc. for traffic analysis. You also have a full Linux box and Bash shell for whatever other CLI magic you may like to throw at it. And if you go whole hog and toss in an SSD it's crazy fast to boot up. The disadvantage is that it's a full Linux distro and has no web GUI, so you'll need to be pretty comfortable at the command line.

One of the Really Cool things about the WANBalancer is that you can route inbound packets to a single internal host or IP address, regardless of which connection it came in on. You can also manage your firewall over either ISP connection. Most of the commercial systems I've found only allow administration over one connection, and only a few support inbound PAT via either ISP (higher end Cisco and I've heard rumour that mid-high end Sonicwalls can as well).

We find it super useful if you're running your own mailserver, and your 'primary' internet connection goes down: with the WANBalancer you can set up a secondary MX record and the inbound email simply routes in to the second connection if the sending server cannot connect to the primary. For the most part we find that mailservers are more reliable than Internet connections, so it's nice to be able to offer that redundancy for little $$.

Rubin

Rubin Bennett
rbTechnologies, LLC
1970 VT Route 14 South
East Montpelier, VT 05651
(802)223-4448 x101
http://rbtechvt.com

"Think for yourselves, and let others enjoy the privilege to do so too."
Voltaire, Essay on Tolerance
French author, humanist, rationalist, and satirist (1694 - 1778)
