Page 1 of 4
This article deals with routing over two (or more) internet connections. There are many different ways of setting this up, including load balancing, auto failover, and selective routing (routing depending on traffic type) configurations. The one I've detailed here features selective routing and inbound routing. The inbound routing is actually slightly more difficult to do than the outbound routing, but once it's set up it allows the IPsec VPN service to be available on both public IP addresses, or gives an internal web server dual access points.
This configuration also allows mapping types of traffic to specific internet connections. For example, you can have all HTTP traffic going out via internet connection 1 and all FTP traffic going out via internet connection 2.
Note: While I haven't checked (and would love to be proved wrong), I don't think this is possible to do on a Windows-based PC. If you know any different and care to share that information, leave a comment at the end of the article.
So, let's have some background:
Let's say you have two internet connections (this could be two xDSL lines, or an ADSL line and a standard modem). If you want to utilise both lines, you have a problem, which takes the form of the gateway setting. You can only define one default gateway, so the machine will only ever use that one (and therefore one internet connection) to service any internet requests. The routing table is central to this process. You can list the routing table in Linux by issuing the following command:
ip route show table main
You'll note that at the bottom of this table is an entry that looks something like:
default via <your gateway address> dev <internet device>
Fortunately, with Linux, it's possible to set up more than one routing table, which is key to routing over multiple internet connections. First, let's look at the PC we need to set up to act as our router. The one I used was a Pentium 3 500MHz with 256MB RAM. Into this I put 4 network cards. "Why 4?" I hear you ask! The work network has two subnets for reasons of security. The "Repro" network gets exposed to a lot of removable media, USB sticks and various other potential sources of viruses. It also carries a lot more traffic than the other, and requires a faster and better quality switch. So, we have:
| Network | Description | Range | Interface |
|---|---|---|---|
| Admin | Normal admin network used by accounts, sales, purchasing etc... | 192.168.2.0/24 | eth3 |
| Repro | Higher risk, high data throughput network | 192.168.1.0/24 | eth0 |
| Internet connection A | 512k adsl | 192.168.4.0/24 | eth2 |
| Internet connection B | 2Mb adsl | 192.168.5.0/24 | eth1 |
Of course, the two internal networks just add to the complication of things, but if you can get your head around all this, then you should be able to do the same with only one internal network range.
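The multiple-routing-table idea described above, applied to the four interfaces listed in the table, as an added example (this is not the script from this article). The gateway addresses 192.168.4.1 and 192.168.5.1, the table numbers 101/102 and the packet marks 1/2 are assumptions; by default the script only prints the commands, and it runs them when APPLY=1 is set.

```sh
#!/bin/sh
# Added example: policy routing for the two uplinks in the article's table.
# Assumed (not on the page): gateway addresses, table ids 101/102, marks 1/2.
GW_A=192.168.4.1; IF_A=eth2; NET_A=192.168.4.0/24; TBL_A=101; MARK_A=1
GW_B=192.168.5.1; IF_B=eth1; NET_B=192.168.5.0/24; TBL_B=102; MARK_B=2
IF_ADMIN=eth3; NET_ADMIN=192.168.2.0/24
IF_REPRO=eth0; NET_REPRO=192.168.1.0/24

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# One routing table per uplink: its own default route plus the connected
# networks, so marked traffic between internal subnets still stays local.
uplink_table() {  # args: table gateway device uplink-subnet
    run ip route add "$4" dev "$3" table "$1"
    run ip route add "$NET_ADMIN" dev "$IF_ADMIN" table "$1"
    run ip route add "$NET_REPRO" dev "$IF_REPRO" table "$1"
    run ip route add default via "$2" dev "$3" table "$1"
    # Packets sourced from an address on this uplink leave via this uplink.
    run ip rule add from "$4" lookup "$1"
}

# Mark traffic arriving on an internal interface by destination TCP port.
mark_port() {  # args: in-interface tcp-port mark
    run iptables -t mangle -A PREROUTING -i "$1" -p tcp --dport "$2" \
        -j MARK --set-mark "$3"
}

policy_routing() {
    uplink_table "$TBL_A" "$GW_A" "$IF_A" "$NET_A"
    uplink_table "$TBL_B" "$GW_B" "$IF_B" "$NET_B"
    # Marked packets are looked up in the matching uplink table.
    run ip rule add fwmark "$MARK_A" lookup "$TBL_A"
    run ip rule add fwmark "$MARK_B" lookup "$TBL_B"
    for lan in "$IF_ADMIN" "$IF_REPRO"; do
        mark_port "$lan" 80 "$MARK_A"   # HTTP out via connection A
        mark_port "$lan" 21 "$MARK_B"   # FTP control out via connection B
    done
}

# Dry run by default: prints the plan without touching the system.
policy_routing
```

The port 21 rule only matches the FTP control channel; FTP data connections use other ports and follow the main table's default route unless they are marked as well.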
Comments
As I am new to Linux and want to set up just what you explained here (w/o load balancing tho), it comes in handy!
I was wondering if the 3rd line from the bottom up is correct (-i $ INTERNETIFA ). Shouldn't it be -i $INTERNETIFB ?
I know I'm new, but since your script helped me, I just wanna help out too :)
Mihai,
Welcome to lunarhotel.co.uk. You are quite right! I've made the change. Well done for spotting it. And well done for having a go at Linux.
The script in its current state doesn't actually support load balancing, however. It was something I was looking at doing, but sadly, with the world-wide recession in full swing, my IT department has had to make cutbacks (like only one internet connection!).
If you have any more thoughts / ideas for the script, please let me know.