[RndTbl] Load-balancing / dual-WAN / multi-WAN routers or other solutions
robert at keizer.ca
Sun Mar 31 08:47:28 CDT 2013
Keep in mind that turning off rp filter means that packets which match an
IP for any interface will be accepted on all.
That is why I suggested OBSD.
Not so bad if you're on MTS as they'll block before the tunnel, but I've run
into issues with someone on Shaw with a misconfigured router.
Of course if you use iptables properly the likelihood of someone getting
source and dest is pretty low.
On Mar 31, 2013 5:29 AM, "Hartmut W Sager" <hwsager at marityme.net> wrote:
> Wow, that is a winning reply! Thanks, Trevor.
> Hartmut Sager
> On 31 March 2013 02:47, Trevor Cordes <trevor at tecnopolis.ca> wrote:
>> On 2013-03-29 Hartmut W Sager wrote:
>> > Now THIS should get a discussion going. What's the latest on
>> > load-balancing / dual-WAN / multi-WAN routers? I only see two kinds
>> > - some very old D-Link (DI-LB604) and Cisco (RV042, RV082, RV016)
>> > models, and quite a few current models from completely unheard of
>> > Oriental companies.
>> I've done multi-homed Linux routers. To do weird stuff without buying
>> major expensive gear (read: Cisco enterprise, Juniper, etc) your best
>> bet is to just do it in Linux (or BSD if you prefer, though I have no
>> experience there).
>> You can select what traffic should go out what modem (by nearly any
>> criteria since it is iptables based). I usually select it based on
>> port (put VNC, ssh over low-latency pipes) or intranet IP (give certain
>> machines fast / slow internet). Return packets come in the same modem
>> as the outgoing.
>> I haven't yet done automatic failover but it should be fairly easy to
>> write a script to detect pipe failure and tweak iptables to direct all
>> traffic out just one pipe.
>> Your friends here are:
>> ip rule ... table
>> ip route ... table
>> echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
>> iptables -t mangle
>> (and maybe more I'm forgetting, this is from memory at the moment!)
>> and you can do QoS fairly easily at the same time.
>> Roundtable mailing list
>> Roundtable at muug.mb.ca
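An added example, not part of the original thread: a small audit of which interfaces actually run without reverse-path filtering. It relies on the kernel's documented rule that the value used for source validation is the maximum of conf/all/rp_filter and conf/<iface>/rp_filter (0 = none, 1 = strict, 2 = loose). The function names and the sample sysctl lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective rp_filter mode per interface.
# Effective mode = max(conf/all, conf/<iface>):
#   0 = no source validation, 1 = strict (RFC 3704), 2 = loose.

# Reads "net.ipv4.conf.<iface>.rp_filter = N" lines on stdin and prints
# "<iface> <effective> <label>" for every real interface, sorted by name.
rp_filter_report() {
    awk -F'[ =]+' '
        /^net\.ipv4\.conf\..*\.rp_filter[ =]/ {
            name = $1
            sub(/^net\.ipv4\.conf\./, "", name)
            sub(/\.rp_filter$/, "", name)
            val[name] = $2 + 0
        }
        END {
            all = ("all" in val) ? val["all"] : 0
            for (i in val) {
                # "all" and "default" are knobs, not interfaces
                if (i == "all" || i == "default") continue
                eff = (val[i] > all) ? val[i] : all
                label = (eff == 0) ? "NONE" : ((eff == 1) ? "strict" : "loose")
                print i, eff, label
            }
        }' | sort
}

# Constructed sample input (not captured from a real router).
sample_sysctl() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth1.rp_filter = 2
net.ipv4.conf.lo.rp_filter = 1
EOF
}

# Offline demo; on a live box use: sysctl -a 2>/dev/null | rp_filter_report
sample_sysctl | rp_filter_report
```

Any interface reported as NONE accepts packets regardless of source route, so that is where iptables rules have to carry the source checks. With conf/all set to 1, writing 0 to a single interface still leaves it in strict mode.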