Hi,
Sorry for the late response. Including the thread for context.
It would work if I could use its local connection as primary and have a lower
priority route via server 2.
It's the shorewall/interfaces definition that is tripping me up for the lower
priority route to 0.0.0.0 via Server 2 that you mentioned? Also how will
shorewall be used to set up this route using its normal 'providers',
'interfaces', and 'zone' definition files? Appreciate help with that
configuration.
I've also plumbed a 2nd IP to the local LAN IPs: Server 1 - (10.0.0.9
as eth0:1 for eth0 10.0.0.1), Server 2 - (10.0.0.8 as eth0:1 for eth0 10.0.0.2).
Can those be used effectively?
Thanks,
Anshuman
> From: Simon Hobson <linux@thehobsons.co.uk>
> Subject: Re: [Shorewall-users] Multi Machine Multi ISP setup
> Date: 28 May 2012 12:22:22 PM GMT+05:30
> To: Shorewall Users <shorewall-users@lists.sourceforge.net>
> Reply-To: Shorewall Users <shorewall-users@lists.sourceforge.net>
>
>
> Anshuman Aggarwal wrote:
>
>> I have the following setup
>>
>>   ISP1            ISP2
>>    |               |
>> Shorewall       Shorewall
>> Server 1 ------ Server 2
>> 10.0.0.1        10.0.0.2
>>       \          /
>>           LAN
>>
>> I require the Server 1 and Server 2 to access the Internet via both
>> ISP1 and ISP2 ...
>
> Do you want to load share, or just have failover ?
>
> If it would work to have each server use its 'local' connection as a
> primary for all traffic, but fail over to the other connection in the
> event of a failure then I can see a way to make it work (dunno about
> Shorewall config though).
>
> On server 1, make the default route via ISP1, but provide a lower
> priority route to 0.0.0.0/0 via server 2. Similarly for server 2.
>
> While both connections are up, each server will use its own
> connection - including routing traffic for internal machines*. If
> its ISP connection is down**, then it will fall back to the lower
> priority route and send its traffic via the other server which will
> route it out via the other connection.
> Of course, if both connections are down, the packets will ping-pong
> back and forth until they reach max TTL.
>
> * For 'load balancing' you will need to split your clients into two
> groups - half to use server1 as the default gateway, the other half
> to use server2. Or split them according to any other criteria you
> want.
> It might work to have routing policies on each server - but there's
> a complication. If a routing rule on server1 says to route via ISP2
> (server2), then if ISP2 link is down, the packets will get punted
> back to server1 so you'd need your rules to cater for that and route
> such packets out instead of punting them back to server2.
>
> ** If it's not a connection type (eg PPP) where 'down' is obvious,
> then you'll need some means to monitor the connection and remove the
> default route when it's down.
>
>
> --
> Simon Hobson
>
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
>
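
A small Python model of the failover scheme described in the quoted reply, added here as an illustration and not written by either poster. It traces one Internet-bound packet through the two servers for each link state, including the ping-pong case and the unmonitored-link case from the footnote. The metrics (100/200), the TTL of 64 and all function names are assumptions made for the example.

```python
# Constructed model of the two-gateway layout in the thread.
# Metrics, TTL and names are assumptions, not Shorewall configuration.
PEER = {"server1": "server2", "server2": "server1"}
ISP = {"server1": "ISP1", "server2": "ISP2"}


def routes(server, primary_installed):
    """Default routes for one server as (metric, next_hop); lowest metric wins."""
    table = [(200, PEER[server])]          # backup: default via the other server
    if primary_installed:
        table.append((100, ISP[server]))   # primary: default via the local ISP
    return table


def trace(start, link_up, monitored=True, ttl=64):
    """Follow one Internet-bound packet that enters at `start`.

    link_up   -- {"ISP1": bool, "ISP2": bool}, actual state of each uplink
    monitored -- True if something withdraws the primary route when the
                 uplink is down (the '**' footnote in the reply)
    Returns (outcome, path).
    """
    node, path = start, [start]
    while ttl > 0:
        # Without monitoring, the primary route stays installed on a dead link.
        installed = link_up[ISP[node]] or not monitored
        _, hop = min(routes(node, installed))
        path.append(hop)
        if hop in link_up:                 # next hop is an ISP uplink
            return ("delivered" if link_up[hop] else "blackholed", path)
        ttl -= 1                           # forwarded across the LAN to the peer
        node = hop
    return ("ttl_expired", path)


if __name__ == "__main__":
    cases = [
        ("both up", {"ISP1": True, "ISP2": True}, True),
        ("ISP1 down", {"ISP1": False, "ISP2": True}, True),
        ("both down", {"ISP1": False, "ISP2": False}, True),
        ("ISP1 down, no monitor", {"ISP1": False, "ISP2": True}, False),
    ]
    for name, links, mon in cases:
        outcome, path = trace("server1", links, monitored=mon)
        print(f"{name:22} {outcome:12} hops={len(path) - 1} first={path[:3]}")
```
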