Friends,
This seems to be an interesting conundrum. I have a medium-sized LAN fed
by a server with six ethernet ports, as follows:
eth0 = Static IP 3Mbps/640Kbps, business class connection with ISP; stable
eth1 = Static IP 10Mbps/2Mbps, PPPoE connection; faster but less stable
-- [eth2 = (relic from the past--no longer exists)]
eth3 = internal LAN
eth4 = Static IP 10Mbps/2Mbps, second PPPoE connection
eth5 = [unused/empty port]
eth6 = [unused/empty port]
I have set up shorewall to share the load among the three internet
connections, which each have their own gateways, by using the 'balance'
option in the providers file.
In practice, here is what happens:
eth0 -- receives sporadic traffic, mostly due to incoming http requests
eth1 -- averages a few Kbps in/out
eth4 -- averages a Mbps or more, outgoing; incoming fluctuates widely
It seems that in spite of the 'balance', the buck always stops at the last
route in the list.
I'm sure I have not set things up perfectly, and that someone will be able
to help me--though I have spent days and weeks trying to improve the
situation through research online. I have read and re-read the Multi-ISP
documentation for shorewall, but I feel about the same as I did in math
class as a student--sometimes I just need to see an example before the
light will dawn!
I've tried playing with these variables:
--using 'track' as an option for one or all of the named interfaces in providers file
--using marks and tcrules to shape the traffic to particular interfaces
--adjusting the high_route_marks = Yes or No, and changing the mark numbers accordingly
But these have not seemed to change anything in the way the firewall
functions. I have somehow not hit upon the magic combination of things to
have it all working as desired.
I am confused, from what I understand, on one point of theory--namely this:
1) The load is supposed to be balanced on a per-connection basis
such that each client computer will have its traffic directed through a
single interface.
2) The traffic can be directed to a particular interface based upon its
type (e.g. icmp, http, p2p).
It seems that one could not have it both ways. ??
Shorewall's dump is attached, and relevant lines from the rest of the
setup are attached with it.
Perhaps I should mention that I recently connected our PPPoE lines through
external routers, since the ISP keeps dropping the connection at random
times, and this was disruptive to the server--through no fault of
shorewall. The pppd would simply add a new ppp number to the list of
interfaces, and of course this would not be matched in the providers list
nor the interfaces. However, we seem to be having some problems with the
new routers--and while I think the setup for shorewall is correct (for
this), I'm open to suggestions.
And, in case you wonder why we want to share the load among multiple internet
lines--basically, our ISP has been unable to offer us any faster connection, and
they also do not offer bonded lines. This seems our only viable solution. They
tell us, even though they have built the fiber optic lines right into our
building now, that they do not currently have the infrastructure to give us a
better speed, unless we are willing to purchase 10 business class lines all at
once, at about $1000/month per line. That's just not feasible for us.
Blessings!
Erik.