JJB wrote: > Hi, > > I would like to understand the "multi-isp" abilities of Shorewall. I > noticed that some posts regarding multiple ISP's talk about a proxy > server - is this a typical http proxy web server, or is this a different > meaning of the term "proxy"?
Just a normal http proxy (Squid). > > Is an http proxy server really necessary for this to work, No. It is just that people have encountered issues when running a proxy on the firewall (helped along by a bug that is present in many versions of Shorewall -- see the Shorewall home page). or can > shorewall just load balance: "if load on circuit A reaches threshold X > open all new connections on Circuit B"? There is no capability like that. And Shorewall itself doesn't load-balance. It simply configures a multi-path default route which causes the Linux IP stack to balance in round-robin fashion. You can favor one link over the other by assigning weights in the OPTIONS column of the providers file. > > The scenario is: > > We have a 3 megabit dual T1 as our main internet connection. We also > have a 3megabit DSL line that was just installed in case our T1 goes > down for some reason (not yet connected to our network). It would be > nice to have that extra bandwidth available to the LAN for downloads of > large files, or days when internet usage peaks (so far, we really > haven't had any, but our network is growing) That's doable with Shorewall but the DSL line would be in use all of the time, not just when traffic was heavy. Again, Shorewall doesn't add any capability other than what is available in the Linux implementation of policy routing. And given that Shorewall isn't something that runs continuously in your system, there is no capability for failover when one link fails (although such a capability is fairly easy to script). -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: PGP signature
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
