I'm just setting up multi-ISP and I just want to check if I have things
right. I'm using Shorewall 4.5.5.3 on Debian Wheezy.
I have two internal networks (192.168.1.0/24 and 192.168.7.0/24), a connection
via ethernet and another via dsl. In my providers file I've put

    isp1 1 1 - ethext a.b.c.1 track,balance
    isp2 2 2 - ppp10  -       track,balance
In interfaces:

    ext  ethext  detect tcpflags,nosmurfs,dhcp
    int  ethint  detect tcpflags,routeback,nosmurfs,dhcp
    wifi ethwifi detect tcpflags,nosmurfs,dhcp
    fttc ethfttc detect tcpflags,nosmurfs
    dsl  ppp10   detect tcpflags,nosmurfs,optional,wait=15
(The PPPoE for the DSL runs over the ethfttc interface)
And in masq I have(*):

    ethext:!a.b.c.9 192.168.1.0/24 a.b.c.4
    ppp10           192.168.1.0/24 w.x.y.2
    ethext:!a.b.c.9 192.168.7.0/24 a.b.c.3
    ppp10           192.168.7.0/24 w.x.y.1
The intention is that all the internal network traffic should go via the DSL
line (except that destined for the a.b.c.n subnet), so is it just a matter of
adding rtrules:

    192.168.1.0/24 - isp2 1000
    192.168.7.0/24 - isp2 1000

And do I need to include a line

    - a.b.c.0/n isp1 1000

or does that follow automatically since a.b.c.0 is a locally attached subnet?
Eventually I'll need to look at failover, but for now I just need
"most" of the traffic to go out via isp2. If I've read the docs correctly,
I don't actually need to bother with packet marks; I can just do this with
rtrules?
Supplementary question: if I then need to start adding lists of external
addresses that have to be reached via isp1 (because they are, for example,
customer equipment that only permits remote access from the a.b.c.0 subnet),
is this best done via rtrules or tcrules?
(*) The reason for masq-ing everything to the a.b.c.0 subnet except for one
device is due to a recalcitrant hardware firewall that spits its dummy out and
drops packets otherwise.
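Added example (not from the poster or the Shorewall project): a small simulation of the policy-routing lookup the kernel performs for the rtrules above, so the "locally attached subnet" question can be checked offline. It assumes Shorewall's usual rule layout (table "main" at priority 999, rtrules at their file priority, equal priorities in file order); 203.0.113.0/24 is a constructed placeholder for a.b.c.0/n, and the "local" and "default" tables are omitted.

```python
import ipaddress

# Constructed placeholder for the poster's a.b.c.0/n ethernet subnet.
ISP1_NET = ipaddress.ip_network("203.0.113.0/24")

# Routing tables (assumed Shorewall layout): 'main' keeps the connected
# routes, each provider table holds one default route out its interface.
TABLES = {
    "main": [(ISP1_NET, "ethext"),
             (ipaddress.ip_network("192.168.1.0/24"), "ethint"),
             (ipaddress.ip_network("192.168.7.0/24"), "ethwifi")],
    "isp1": [(ipaddress.ip_network("0.0.0.0/0"), "ethext")],
    "isp2": [(ipaddress.ip_network("0.0.0.0/0"), "ppp10")],
}

# Policy rules as (priority, source, dest, table); None matches anything.
# 999 = main (assumption), 1000 = the two rtrules from the post, plus the
# candidate '- a.b.c.0/n isp1 1000' line to see whether it is ever reached.
RULES = [
    (999, None, None, "main"),
    (1000, ipaddress.ip_network("192.168.1.0/24"), None, "isp2"),
    (1000, ipaddress.ip_network("192.168.7.0/24"), None, "isp2"),
    (1000, None, ISP1_NET, "isp1"),
]

def lookup(table, dst):
    """Longest-prefix match inside one table; None if it holds no route."""
    best = None
    for net, dev in TABLES[table]:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def route(src, dst):
    """Walk the rules in priority order (sorted() is stable, so equal
    priorities keep file order) and return (priority, table, device) of the
    first rule whose table actually has a route; a miss falls through."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, s, d, table in sorted(RULES, key=lambda r: r[0]):
        if (s is None or src in s) and (d is None or dst in d):
            dev = lookup(table, dst)
            if dev is not None:
                return prio, table, dev
    return None

if __name__ == "__main__":
    for dst in ("8.8.8.8", "203.0.113.5"):
        print("192.168.1.10 ->", dst, "=", route("192.168.1.10", dst))
```

Under these assumptions a LAN host reaching the placeholder a.b.c.0/n subnet is answered by the connected route in "main" at 999, before any priority-1000 rtrule is consulted.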