On Sunday, 29 September 2002, at 11:24:03 -0700,
Simon Matthews wrote:

> I have a dual-homed firewall. It has 2 Internet connections, provided by
> different ISPs (each with an associated IP address). The 2 Internet
> connections are connected to the same physical interface. The 2 Internet
> connections do NOT have equal bandwidth.
>
> How do I configure the SNAT/MASQ and ensure sharing of the gateways with
> the correct ratio of usage and with the correct source IP address?
>

    ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
        nexthop via $CONN2_IP dev $ETHX weight $Y

weight(s) are the relative bandwidths of the connections. If the first is a
2 Mbps line and the second a 512 Kbps one, $X=4 and $Y=1, for example. What
matters is the ratio, not the actual bandwidth.

> I know how to use the 'ip' commands to configure gateway sharing according
> to my defined ratios and ensure that packets go out of the correct gateway
> according to their source address.
>

The above defines routing. And SNAT/MASQ is something done afterwards, so
you could SNAT/MASQ traffic going to each connection differently. What I
don't know right now is how to determine which Internet connection packets
are going to in your setup, with only an Ethernet card for both. With a
card for each Internet connection it is simple.

Hope this helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Woody (Linux 2.4.19-pre6aa1)

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
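
An added example, not part of the original message: a shell helper that turns per-link bandwidths into the `weight` values of the multipath route above, reducing them to the smallest integer ratio. The function names, the device `eth0`, the documentation-range gateway addresses and the bandwidth figures are constructed for illustration; the helper also goes one step beyond the message by rescaling ratios that would not fit the 1..256 range iproute2 accepts for `weight`.

```shell
#!/bin/sh
# Added example: build the multipath default route from link bandwidths.
# It only prints the command; nothing is applied to the routing table.

gcd() {  # greatest common divisor of two positive integers
    a=$1; b=$2
    while [ "$b" -ne 0 ]; do t=$((a % b)); a=$b; b=$t; done
    echo "$a"
}

# usage: multipath_cmd DEV GATEWAY:KBPS GATEWAY:KBPS [...]
multipath_cmd() {
    dev=$1; shift
    [ "$#" -ge 2 ] || { echo "need at least two gateways" >&2; return 1; }
    g=0; max=0
    for link in "$@"; do
        bw=${link#*:}
        case $bw in
            ''|*[!0-9]*) echo "bad bandwidth in '$link'" >&2; return 1 ;;
        esac
        [ "$bw" -gt 0 ] || { echo "zero bandwidth in '$link'" >&2; return 1; }
        if [ "$g" -eq 0 ]; then g=$bw; else g=$(gcd "$g" "$bw"); fi
        if [ "$bw" -gt "$max" ]; then max=$bw; fi
    done
    # iproute2 accepts weights 1..256; rescale if the exact ratio is too wide.
    scale=0
    [ $((max / g)) -le 256 ] || scale=1
    cmd="ip route add default"
    for link in "$@"; do
        gw=${link%%:*}; bw=${link#*:}
        if [ "$scale" -eq 1 ]; then
            w=$(( (bw * 256 + max / 2) / max ))   # nearest weight, largest = 256
            [ "$w" -ge 1 ] || w=1                 # never drop a link to weight 0
        else
            w=$((bw / g))                         # exact smallest integer ratio
        fi
        cmd="$cmd nexthop via $gw dev $dev weight $w"
    done
    echo "$cmd"
}

# Constructed sample: a 2048 kbit/s link and a 512 kbit/s link on eth0.
multipath_cmd eth0 192.0.2.1:2048 198.51.100.1:512
```

When rescaling kicks in, the printed weights only approximate the bandwidth ratio, because the slowest link cannot go below weight 1.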