Re: [gentoo-user] Gentoo router for multiple ISPs?

[Eray Aslan <eray.aslan@caf.com.tr>]

On 12.04.2008 21:11, Mark Knecht wrote:
> Hi all,
>    I need to get a second ISP line into the house. I currently have a
> cable modem but it goes down once in a while and my work requires
> higher reliability so I was thinking of getting a DSL line to
> supplement it. I'd like to investigate creating some sort of
> firewall/router that could do the following:

1. Load balancing is easy.  Just read up on it.  http://lartc.org/ is a 
good start.  Basically, you will have to modify your iptables and 
routing table rules.

2. Check the time extension of iptables.  Also many services and daemons 
have in built facility for day and time based access control. For 
example xinetd offers data and time based access control.  You might 
want to go that route depending on what service you want to control.

3. Automatic failover is the hard part.  AFAIK, Linux can determine if 
the next hop is down and do automatic switch over.  But if you have a 
problem further down the line, kernel won't detect it.  For DSL, you 
might want to use your modem as a bridge and connect directly with PPP 
to your ISP so that you can detect if the link goes down (that seems to 
be most common case).  I do not know if the same is possible with cable 
modems as I have not used one in a long time.  Another alternative is to 
run a cron job that pings a certain host(s) on the internet and 
depending on the result adjusts the routing the table accordingly.

HTH
-- 
Eray

> 1) Load balance between the two lines during the day. I get download
> speeds of about 6Mb/S from my current Cable Modem and supposedly about
> 3Mb/S from the DSL. I'd like to get something like 8-9Mb/S aggregate
> from the two together if possible.
> 
> 2) I need rules that keep certain machines off of the cable modem
> during specific hours.
> 
> 3) I MUST have some sort of AUTOMATIC switch over such that if one
> line goes down the second line takes over and runs everything while at
> the same time informing me that a line is down. This machine must be
> able to test, once a minute or faster, that both lines are up and take
> action immediately if something is wrong. It must then correct if the
> down line comes back up.
> 
> 4) I can either use this same machine as a firewall or I can simply
> hook it to my existing LinkSys since I'll still need wireless to get
> around the house. I figure I'll run the LinkSys inside this Gentoo
> machine anyway. I figure I'll want a firewall on this machine since it
> will be directly on the net anyway.
> 
>    Are features like this available in some sort of package from portage?
> 
>    Note that I'd be perfectly happy buying some box for less than
> $100-$200 that could do all of this automatically but I haven't found
> one yet.
> 
> Thanks,
> Mark
-- 
gentoo-user@lists.gentoo.org mailing list