Hi.
Sorry for the delay. Hope you are still interested in the idea.
Kelly Jeglum wrote:
I'd like to setup a box with 2 NICs as a firewall which will also rateIf you are doing NAT or routing, the you need to use VRRPD with two machines.
limits outbound traffic. What happens when/if that box hangs or is
rebooted?
I'd like a solution that when there is a failure, traffic can still goIf on the other hand you want just the rate limiting, then you can try something. It only has a drawback, the switch that you will use must have Vlan and STP.
through the box even though the firewall and rate limiting functions will no
longer be in effect.
The trick is this, you choose three ports, and assign those to, say vlan 2, then choose another 3 ports and assign those to vlan 3.
Enable STP on both Vlan's, increase the portcost on one port on each Vlan, and use a crossed cable to link them.
Connect a port from each Vlan to the bridge/rate limiter.
Connect the remaining port to your inner router, and to your outer router.
Now, the idea is, the Vlan will divide the switch virtually, traffic from vlan 2 won't go to vlan 3, only if they are physically connected, they behave like two switches (witch will also work, provided that the switches permit VTP). When everything is working properly, the switch will see two links from vlan 2 to vlan 3 and will disable the one with the higher cost (the cross cable), then all your traffic will flow thought the bridge.
If the bridge stops,hangs is disconnected, the switch will only see one link (the cross cable) and will enable it, bypassing the bridge.
I have this setup in operation now, and it works great.
For those wondering, it is using a cisco 2900XL and the fallback time is from 30 to 50 seconds.
Hope it helps
José Araújo
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
