On Sun, 29 Sep 2002, Don Cohen wrote:

> > > I have a dual-homed firewall. It has 2 Internet connections, provided by
> > >
> >
> > ip route add default nexthop via $CONN1_IP dev $ETHX weight $X \
> >     nexthop via $CONN2_IP dev $ETHX weight $Y
>
> Note that this only shapes outgoing traffic and also relies on your
> ISPs to NOT do the ingress filtering that they're really supposed to do.
>
> If most of the traffic at your site is going out this might be
> reasonable. For most people, most of the traffic is coming in, e.g.,
> behind your firewall are clients who want to download data. The
> bandwidth going out is mostly acks, which is very small compared to
> that coming in.
>
> off just using the fast one, or perhaps using the slow one only for
> stuff that you can be sure will fit comfortably in its bandwidth.

OK, this may be a reasonable approach, but how do I force it to initiate
connections from the "fast" interface, yet allow it to fail over to the
slow interface if the system removes the route to the fast gateway
because it has detected that it is not responding?

Simon