Hi all,
I have a setup that seems (to me) a little complex.
We have a server that is a firewall, web server, does NAT, dns, mail...
you name it, this thing probably does it.
It is running Shorewall 4.0.14 on Debian Etch.
We have an internet connection from TWC, 5mbit/768k and a full T1 from
Nuvox.
We have /29's from both and all addresses are being used on 2 separate
NICs on this machine with the third for the local network.
This machine is also running Squid in transparent proxy mode.
eth0 is TWC, eth1 is local and eth2 is Nuvox.
I have read the document @ http://www.shorewall.net/MultiISP.html
I have Squid piping web traffic over the TWC link, and when I load up a
page such as 'whatismyip' I see the address that I told Squid to use per
the howto.
The issues I am having specifically.... DNS is really slow (we run a
local nameserver with internal and external views) and web browsing is slow.
I believe that browsing being slow is a result of DNS being slow.
DNS is slow on the network, or on the firewall machine itself.
If I change the ordering of servers in resolv.conf it does not matter -
it remains slow. (slow is taking 20-30 seconds for a reply/timeout)
Now... if I yank the entries in /etc/shorewall/providers and restart it
everything goes to normal.
However, I don't know if this is really a good thing.
What I am trying to accomplish is using the TWC link for web browsing,
backup DNS, etc and the T1 for the few sites we run where upstream speed
is a little more important.
Does anyone have any ideas on what I should look at?
Is it okay to leave it the way it is?
Am I really just asking way too much of this one poor machine?
Thanks!