[LARTC] Advanced routing question.

Linux Advanced Routing and Traffic Control

Before I start with the nightmare setup I'd like to say I've read all the
docs I could get my hands on along with looking at commercial products
(Cisco router, Check Point firewall, and Vicomsoft Internet Gateway) trying
to get this to work with very limited success.

My setup:

Ethernet Internet Connection 207.152.31.185/24 gw 207.152.31.1 (T1
connection)
DSL Ethernet Connection 216.254.12.42/24 gw 216.254.12.42 (256k SDSL)
LAN Ethernet Connection 192.168.181.254/24 (NAT'd)

Behind the "firewall" machine sits a number of boxes:

192.168.181.252	-	Internal DNS and squid proxy server.
192.168.181.251	-	External DNS server and external webserver
192.168.181.250	-	Internet DNS and external webserver

192.168.181.1-10	-	DHCP windows clients

Now I have some basic port translation going on to get the webservers
alias'd to the internet connections and such but nothing overly fancy. Keep
in mind that I can _not_ use any routing protocols via either of these
connections.  Here is what I need to do:

1> 	Set up traffic shaping to allow the windows clients behind the NAT to
browse the internet using both internet connections.  An important part of
this is that incoming traffic _must_ be answered through the NAT via the
same ip address that it came in on.  (NOTE: This is the major problem with
Vicomsoft Internet Gateway software as it will just pick either of the 2
internet connections to reply on, and therefore a number of things - most
importantly games that use UDP packets - stop working correctly or have a
huge amount of packet loss due to packets being answered with a different
source ip than the host connected on).

2>	Set up a fail over method so that if either internet connection were
to fail it would start routing all outbound traffic over that link.

3>	Allow simple port translation so that I can alias 207.152.31.185
port 22 to 192.168.181.251 port 22.


So the question is: can Linux using Advanced routing be used to solve these
problems?  If so, could you please point me to an example setup?  If not, do
you know of _any_ possible solution to get this setup working?  Again, I'm
sorry if I've missed this reading the HOWTO; please point me in the right
direction.


-------------------
JayC Daniel
Senior Security Engineer
Security Integration
HCAHealthcare
615-344-6988
jay.daniel@xxxxxxxxxxxxxxxxx
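
The split-access part of the setup described above (items 1 and 3), sketched with iproute2 policy routing and netfilter connection marks. This is an added example, not part of the original post or a reply on the list; the interface names (eth0, eth1, eth2), the table and mark numbers and the 6:1 weight are assumptions, and failover (item 2) is not covered.

```shell
#!/bin/sh
# Added example. Interface names, table/mark numbers and the 6:1 weight are assumptions.
RUN=${RUN-echo}   # default prints the commands; run with RUN= (empty) as root to apply them

T1_IF=eth0  T1_IP=207.152.31.185 T1_NET=207.152.31.0/24 T1_GW=207.152.31.1
# DSL gateway exactly as written in the post; substitute the provider's gateway.
DSL_IF=eth1 DSL_IP=216.254.12.42 DSL_NET=216.254.12.0/24 DSL_GW=216.254.12.42
LAN_IF=eth2 LAN_NET=192.168.181.0/24

# uplink <table/mark> <dev> <ip> <net> <gw>
uplink() {
    # Routing table for this uplink: its subnet, the LAN, and its own default route.
    $RUN ip route add "$4" dev "$2" src "$3" table "$1"
    $RUN ip route add "$LAN_NET" dev "$LAN_IF" table "$1"
    $RUN ip route add default via "$5" dev "$2" table "$1"
    # Traffic the firewall itself sends from this address leaves via this uplink.
    $RUN ip rule add from "$3" table "$1"
    # Tag each new connection with the uplink it arrived on or first left through.
    $RUN iptables -t mangle -A PREROUTING -i "$2" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$1"
    $RUN iptables -t mangle -A POSTROUTING -o "$2" -m conntrack --ctstate NEW -j CONNMARK --set-mark "$1"
    # Packets carrying that tag are routed with this uplink's table.
    $RUN ip rule add fwmark "$1" table "$1"
    # NAT LAN clients behind this uplink's address.
    $RUN iptables -t nat -A POSTROUTING -o "$2" -s "$LAN_NET" -j SNAT --to-source "$3"
}

split_access() {
    uplink 1 "$T1_IF" "$T1_IP" "$T1_NET" "$T1_GW"
    uplink 2 "$DSL_IF" "$DSL_IP" "$DSL_NET" "$DSL_GW"
    # Copy the connection's tag onto packets coming back from the LAN, so replies
    # and later packets of a flow use the uplink the flow started on.
    $RUN iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    # Item 1: spread new outbound connections over both uplinks.
    $RUN ip route replace default scope global \
        nexthop via "$T1_GW" dev "$T1_IF" weight 6 \
        nexthop via "$DSL_GW" dev "$DSL_IF" weight 1
    # Item 3: 207.152.31.185 port 22 -> 192.168.181.251 port 22.
    $RUN iptables -t nat -A PREROUTING -d "$T1_IP" -p tcp --dport 22 \
        -j DNAT --to-destination 192.168.181.251:22
}

split_access
```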




