| 1 |
On 12.04.2008 21:11, Mark Knecht wrote: |
| 2 |
> Hi all, |
| 3 |
> I need to get a second ISP line into the house. I currently have a |
| 4 |
> cable modem but it goes down once in a while and my work requires |
| 5 |
> higher reliability so I was thinking of getting a DSL line to |
| 6 |
> supplement it. I'd like to investigate creating some sort of |
| 7 |
> firewall/router that could do the following: |
| 8 |
|
| 9 |
1. Load balancing is easy. Just read up on it. http://lartc.org/ is a |
| 10 |
good start. Basically, you will have to modify your iptables and |
| 11 |
routing table rules. |
| 12 |
|
| 13 |
2. Check the time extension of iptables. Also many services and daemons |
| 14 |
have in built facility for day and time based access control. For |
| 15 |
example xinetd offers data and time based access control. You might |
| 16 |
want to go that route depending on what service you want to control. |
| 17 |
|
| 18 |
3. Automatic failover is the hard part. AFAIK, Linux can determine if |
| 19 |
the next hop is down and do automatic switch over. But if you have a |
| 20 |
problem further down the line, kernel won't detect it. For DSL, you |
| 21 |
might want to use your modem as a bridge and connect directly with PPP |
| 22 |
to your ISP so that you can detect if the link goes down (that seems to |
| 23 |
be most common case). I do not know if the same is possible with cable |
| 24 |
modems as I have not used one in a long time. Another alternative is to |
| 25 |
run a cron job that pings a certain host(s) on the internet and |
| 26 |
depending on the result adjusts the routing the table accordingly. |
| 27 |
|
| 28 |
HTH |
| 29 |
-- |
| 30 |
Eray |
| 31 |
|
| 32 |
> 1) Load balance between the two lines during the day. I get download |
| 33 |
> speeds of about 6Mb/S from my current Cable Modem and supposedly about |
| 34 |
> 3Mb/S from the DSL. I'd like to get something like 8-9Mb/S aggregate |
| 35 |
> from the two together if possible. |
| 36 |
> |
| 37 |
> 2) I need rules that keep certain machines off of the cable modem |
| 38 |
> during specific hours. |
| 39 |
> |
| 40 |
> 3) I MUST have some sort of AUTOMATIC switch over such that if one |
| 41 |
> line goes down the second line takes over and runs everything while at |
| 42 |
> the same time informing me that a line is down. This machine must be |
| 43 |
> able to test, once a minute or faster, that both lines are up and take |
| 44 |
> action immediately if something is wrong. It must then correct if the |
| 45 |
> down line comes back up. |
| 46 |
> |
| 47 |
> 4) I can either use this same machine as a firewall or I can simply |
| 48 |
> hook it to my existing LinkSys since I'll still need wireless to get |
| 49 |
> around the house. I figure I'll run the LinkSys inside this Gentoo |
| 50 |
> machine anyway. I figure I'll want a firewall on this machine since it |
| 51 |
> will be directly on the net anyway. |
| 52 |
> |
| 53 |
> Are features like this available in some sort of package from portage? |
| 54 |
> |
| 55 |
> Note that I'd be perfectly happy buying some box for less than |
| 56 |
> $100-$200 that could do all of this automatically but I haven't found |
| 57 |
> one yet. |
| 58 |
> |
| 59 |
> Thanks, |
| 60 |
> Mark |
| 61 |
-- |
| 62 |
gentoo-user@l.g.o mailing list |
Archives