Shorewall users - Oct 2007 - some basic multi-isp questions

Hi,

I would like to understand the "multi-isp" abilities of Shorewall. I 
noticed that some posts regarding multiple ISP''s talk about a proxy 
server - is this a typical http proxy web server, or is this a different 
meaning of the term "proxy"?

Is an http proxy server really necessary for this to work, or can 
shorewall just load balance: "if load on circuit A reaches threshold X 
open all new connections on Circuit B"?

The scenario is:

We have a 3 megabit dual T1 as our main internet connection. We also 
have a 3megabit DSL line that was just installed in case our T1 goes 
down for some reason (not yet connected to our network). It would be 
nice to have that extra bandwidth available to the LAN for downloads of 
large files, or days when internet usage peaks (so far, we really 
haven''t had any, but our network is growing)

Thanks,

Joel



-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/

JJB wrote:
> Hi,
> 
> I would like to understand the "multi-isp" abilities of
Shorewall. I
> noticed that some posts regarding multiple ISP''s talk about a
proxy
> server - is this a typical http proxy web server, or is this a different 
> meaning of the term "proxy"?
Just a normal http proxy (Squid).
> 
> Is an http proxy server really necessary for this to work,
No. It is just that people have encountered issues when running a proxy on
the firewall (helped along by a bug that is present in many versions of
Shorewall -- see the Shorewall home page).

or can
> shorewall just load balance: "if load on circuit A reaches threshold X
> open all new connections on Circuit B"?
There is no capability like that. And Shorewall itself doesn''t
load-balance.
It simply configures a multi-path default route which causes the Linux IP
stack to balance in round-robin fashion. You can favor one link over the
other by assigning weights in the OPTIONS column of the providers file.
> 
> The scenario is:
> 
> We have a 3 megabit dual T1 as our main internet connection. We also 
> have a 3megabit DSL line that was just installed in case our T1 goes 
> down for some reason (not yet connected to our network). It would be 
> nice to have that extra bandwidth available to the LAN for downloads of 
> large files, or days when internet usage peaks (so far, we really 
> haven''t had any, but our network is growing)
That''s doable with Shorewall but the DSL line would be in use all of
the
time, not just when traffic was heavy. Again, Shorewall doesn''t add any
capability other than what is available in the Linux implementation of
policy routing. And given that Shorewall isn''t something that runs
continuously in your system, there is no capability for failover when one
link fails (although such a capability is fairly easy to script).

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key





-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/