Butting into the thread ;-)
I am using CenOS on my machines, with an IPcop Internet Gateway, only
one public IP and Web/Mail/DNS Servers in DMZ (private C Class) as well
as Lan.
Overall am bit satisfied with it...low maintainence, except for some
manual tinkering or addons for outbound connections. BUT failover on WAN
side seems to be becoming a requirement. Have been asked to device a
shoe-string (and a small string at that) strategy to mix DSLs, lowspeed
leased line (they are expensive here in India) and a DVB VSAT connection
(DirecPC) in future.
Issue with DSLs is that the gateway has to be capable of handling
Dynamic IPs as well as Static IPs, in addition to private IPs allocated
by the ISP (they do transparent proxy/NAT). Wan Failover is to be
handled.
One idea I was thinking of was a commodity Switch in front of (WAN
interface) the IPcop box and some fancy IProute2/Nexthop footwork.
Second was to find an opensource distro that did WAN failover unlike
IPcop...so am exploring the leads from this thread.
I will be implementing Snort with database backend to analyse security
aspects and maybe even script some blocking/IPS features/opensource
projects including the layer 7 firewalling. So basically, I am planning
to go with open source setup, as I feel that the kind of setup I want, I
will have to sell my soul (even the devil does not seem to want it!!) or
my Company to buy a commercial product.
Request please advise if someone can point me to an open source/GPL
project that can either add WAN failover/load-sharing/load-balancing &
port based traffic partitioning capabilities to some firewall distro or
minimal centos install for creating a Firewall gateway.
Pointers to literature/resources/projects on various issues mentioned
above will be appreciated.
With best regards.
Sanjay.
