From: "Taylor, Grant" <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Help PLEASE...Multi-Routing for ADSL on Linux: Request
Date: Tue, 24 May 2005 03:16:19 +0000
Message-ID: <42929C83.6080909@riverviewtech.net>
In-Reply-To: <7e41ba8f050522023429efaeed@mail.gmail.com>

> My DSL is prone to frequent outages and therefore I need a backup
> link. Also, my DSL provider charges very high for usage, therefore I
> want a lower cost connection.

Do you have Verizon or CenturyTel?  That type of price scalping is *VERY* common around here.

> Now in my area I have only one option for each requirement. Another
> DSL provider who charges as high as the first one, but can be an
> alternate provider, though issues dynamic IPs only...this would do
> for back up connection.
> 
> There's another cable ISP (ethernet to home) that provides flat-rate
> access but issues private IPs 172.16.x.x & 10.x.x.x and has a NAT
> machine that does the address translation and has less than quarter
> the speed of other two providers. He is not willing to give a live ip,
> even on extra charge.

I like the idea of a cable modem as it is a different technology than DSL and will be susceptible to different reasons for outages.  For example someone at the local CO unplugging cables on the DSLAM could hit both your connections if they are DSL, whereas if your backup connection was a cable modem you would quite likely still be on the net.

I guess the difference in the connection would be if you can live with your servers being off the net for a while and just have internal / LAN internet access or if you need to still be able to serve content to the world.  Something you might consider doing would be finding someone to offer backup MX and DNS hosting for you.  (I know a couple of people, myself included, who would be willing to help.)  If all you need is the former, I would strongly go with the Cable Modem connection.

> Now, I want to connect three DSL's to my Internet gateway (ipcop
> machine...again as I already have three LAN cards..no more slots
> left), using one ethernet card connected to a four port switch where I
> can terminate both the DSLs & cable internet connection. And to give
> two static IPs (one public, one private) and one dynamic IP to my
> ethernet card on the WAN side, using something like nexthop given in
> the LARTC howto

I don't think that I would plug multiple INet connections in to a (unmanaged layer 2) switch and then plug that switch in to a NIC for your internet connectivity.  I am hoping that I read what you wrote wrong.  What you *CAN* do is get a layer 2 managed switch that supports 802.1Q VLANs and assign a VLAN to two ports on the switch, one of which is the port to your firewall and the other to a particular INet connection.  If you use a 24 port managed switch you could hook up 24 different DSL / Cable Modems to one NIC in a computer.  I have done this with wonderful success!  Using this method you could easily have multiple links via 802.1d bridging (STP) or bonding to make sure that you have a connection from your system to the managed switch even if a cable gets unplugged.

> Is this type of scenario:
> 
> 1. Possible?

Yes, very!

> 2. Easily maintainable? Especially on top an existing firewall distro,
> that can be tweaked...maybe ipcop or some other, so that I don't have
> to individually keep up with all the security updates that are bound
> to come. Suggestions on any firewall gateway distro that would be more
> amenable to any such solution that is suggested. Or do I have to do it
> fully?

Well, don't run your services on the firewall.  Use an old "white box" as your firewall / gateway so that you don't have to worry about keeping it as up to date as it will not be serving any services to the outside world and thus *MUCH* harder to hack.  This will allow you to run your distro of choice on your servers, where you know how to keep it up to date.  Besides it is a bad idea to run services that could be exploited on a firewall.

> 3. Secure?

Yes, I think this could be made extremely secure, or at least as secure as any single internet connection.

> Please give some comments & pointers, with web URLs for further reading.

I think you want to do some reading on setting up additional routing tables via the "ip route" command and then use some routing rules (set up via the "ip rule" command) to define which traffic uses which routing table.  Any Linux advanced routing document should go in to this.

> Also, I would like to bifurcate traffic, especially downloads using
> ftp, rsync (and if possible http downloads too) to go through the
> private ip flat rate link. Something that separates traffic by ports.

This is doable, via different routeing tables for different types of traffic, ssh, smtp, ftp, etc.

> Request routing Gurus help me please. Am on a shoestring budget and
> can't afford commercial hardware solutions that offer this kind of
> functionality, IAC..don't even know of one that is specifically for
> low-cost DSL usage.

Can you afford to dedicate an old computer to this task?  If you really need it could you buy a $300 layer 2 managed switch?  (D-Link DES-3226L (http://dlink.com/products/?sec=0&pid)8) is what I used for my 8 cable modem set up.)



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
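
The setup discussed in the message above (one uplink per 802.1Q VLAN on a single NIC, a routing table per provider, and an "ip rule" that steers selected ports to the flat-rate link), as an added example that is not part of the original message. The script only prints the commands for review; interface names, VLAN IDs, table numbers, marks and gateway addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for one uplink per VLAN
# plus port-based policy routing. Every name and address below is a
# constructed placeholder, not a value from the thread.
TRUNK=eth0            # single NIC cabled to the managed switch (assumed)
LAN=eth1              # internal interface (assumed)

# emit_uplink NAME VLAN_ID GATEWAY TABLE_ID
# One 802.1Q sub-interface and one routing table per provider.
# Address assignment on the sub-interface (static or DHCP) is not shown.
emit_uplink() {
    echo "ip link add link $TRUNK name $1 type vlan id $2"
    echo "ip link set $1 up"
    echo "ip route add default via $3 dev $1 table $4"
    echo "iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE"
}

# emit_port_policy MARK TABLE_ID PORT_LIST
# Mark LAN packets going to the listed TCP ports and route marked
# packets with the given table instead of the main one.
emit_port_policy() {
    echo "iptables -t mangle -A PREROUTING -i $LAN -p tcp -m multiport --dports $3 -j MARK --set-mark $1"
    echo "ip rule add fwmark $1 table $2"
}

emit_plan() {
    emit_uplink wan_dsl   10 192.0.2.1 101
    emit_uplink wan_cable 20 10.0.0.1  102
    # ftp control channel, rsync and http leave by the flat-rate cable link
    emit_port_policy 2 102 21,873,80
    # everything unmarked follows the main table out the DSL link
    echo "ip route add default via 192.0.2.1 dev wan_dsl"
    # replies on wan_cable would fail strict reverse-path filtering because
    # the main table points at wan_dsl; loose mode (2) accepts them
    echo "sysctl -w net.ipv4.conf.wan_cable.rp_filter=2"
}

emit_plan
```

Only the FTP control connection matches port 21; FTP data connections use other ports and stay on the default link unless they are matched separately.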
