I'm trying to plan out a new configuration for our new multi-ISP setup. Part of what is confusing me is the asymmetry between the two setups. Our current ISP provides us with a router and our first public IP is used by its LAN port. Our new provider is not providing a router and I want to use our shorewall box as the router. I have 4 ports on it (currently configured for local, dmz, and net) and was planning on using the 4th for the new provider. It will be part of a /30 subnet connecting to our ISP. We also have a /27 subnet for public IPs. So my thought is something like:

     ISP1/27    ISP2/30
        |p2p1      |p2p2
+-----------------------+
|    firewall/router    |---em2 dmz 192.168.201.1/29
|                       |           ISP2/27
+-----------------------+
           |em1 loc 10.10.0.1/16

We use nat for some servers on the local network and will want to have similar entries for the new ISP. Does this work? For outgoing packets, what external address is used?

#EXTERNAL       INTERFACE   INTERNAL    ALL          LOCAL
#                                       INTERFACES
ISP1/27 addr    p2p1        10.10.X.X   No           No
ISP2/27 addr    em2         10.10.X.X   No           No

The current dmz addresses for ISP1 are handled through proxyarp, but I figure the new ISP2 addresses could be used directly there.

I'll want the vast majority of traffic to go through ISP2, but some targeted services to use ISP1 and to have ISP1 as a fail-over. Haven't started looking at that yet in detail.

Thanks for any thoughts/suggestions.

-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA/CoRA Division                    FAX: 303-415-9702
3380 Mitchell Lane                  orion@cora.nwra.com
Boulder, CO 80301              http://www.cora.nwra.com