hi mike, actual layer 4-switches will provide you with lots of nice features: load-balancing between providers wire speed acl load-balancing using acl-rules wire speed throughput routing protocols and of course static-routes
if you need some more information, feel free to contact me christian -----Original Message----- From: Mike Schmitz [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 28, 2001 10:29 PM To: debian-admintool@lists.debian.org; debian-isp@lists.debian.org; debian-firewall@lists.debian.org Subject: Re: Firewall configuration with two ISP On Wed, Mar 28, 2001 at 12:50:08PM +0530, Bala wrote: > Hello > In Debian GNU/Linux, I have configured three network cards. I'm having > leased line connection from two ISP's with two different series of IP > addersses. With first card I, have configrued ISP1 and with second card, I > have configured with ISP2. With the third card, I have configured my LAN. > Now I'm able to ping both the ISP's gateway from my machine. But, I'm NOT > able to access my machine with one of the Internet IP from Internet. What > could be the problem?? There was a list of URL posted here in the debian-firewall mailing list. One of them had a section that might be of interest. It has the balancing for the opposite direction, but it should help get you there. http://www.linuxsecurity.com/feature_stories/kernel-netfilter.html The appropriate section: So, to develop a simple and inexpensive load balanacing solution, you might use the following to have your firewall redirect some of the traffic to each of the web servers at 192.168.1.100, 192.168.1.101 and 192.168.1.102, as follows: # # Modify destination addresses to 192.168.1.100, # 192.168.1.101, or 192.168.1.102 # iptables -t nat -A POSTROUTING -i eth1 -j DNAT \ --to 192.168.1.100-192.168.1.102 -- Mike Schmitz<[EMAIL PROTECTED]> http://ddns.colug.org/mschmitz My thoughts on h4x0rs: Consider the complacency and arrogance that would cause a porcupine to sleep on its' back. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
