LARTC - Dec 2001 - Dual Internet Connection Routing

I have two DSL lines in my office. I want to setup a
linux system acting as a firewall and gateway (or
bridge) which will connect the two routers to my
office LAN as shown below. The system will have three
ethernet interfaces: two for the routers and one for
connecting to the LAN through the switch.

 +-------------+   +----linux--PC--+
 |  DSL Router |   |               |   
 |   static IP |===<>--firewall    |   
 +-------------+   |               |    +----------+
                   |               <>=== LAN Switch
 +-------------+   |               |    +----------+
 |  DSL Router |===<>--firewall    | 
 |   static IP |   |               |   
 +-------------+   +---------------+
                    
<> ethernet interfaces

Both the routers have static external IPs. I want the
traffic to be equally divided between the two DSL
lines and in case one of them is down, the other one
should take up the entire load. The linux box will
also function as a firewall. Now how should I go about
configuring the system. Is it feasible to have two
parallel firewalls on the same system ? How do I
configure the routing to meet my requirements.

Thank you,

__________________________________________________
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctions.yahoo.com

On Wed, Dec 19, 2001 at 09:59:23PM -0800, K M wrote:
>  +-------------+   +----linux--PC--+
>  |  DSL Router |   |               |   
>  |   static IP |===<>--firewall    |   
>  +-------------+   |               |    +----------+
>                    |               <>=== LAN Switch
>  +-------------+   |               |    +----------+
>  |  DSL Router |===<>--firewall    | 
>  |   static IP |   |               |   
>  +-------------+   +---------------+
Nice ASCII!

The only easy way to do this is to have both DSL routers as default gateway
with the ip nexthop syntax, and do masquerading on both interfaces, and then
add policy routing to make sure that packets in a session that started on
ADSL router 1 *stay* on ADSL router one.
> Both the routers have static external IPs. I want the
> traffic to be equally divided between the two DSL
> lines and in case one of them is down, the other one
> should take up the entire load. The linux box will
This probably requires some CRON magic to detect when a link is down, and
you should then adjust your default gw.
> also function as a firewall. Now how should I go about
> configuring the system. Is it feasible to have two
> parallel firewalls on the same system ? How do I
> configure the routing to meet my requirements.
It is very feasible to have multiple firewalls on one linux machine. 

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc