From: Linux A. <lin...@ya...> - 2009-09-30 07:04:47
Josh, with your permission, I would like to 'hijack' this thread... :) Questions below...

----- Original Message ----
> From: JoSH Lehan <sho...@kr...>
> To: sho...@li...
> Sent: Sunday, September 20, 2009 5:13:01 PM
> Subject: [Shorewall-users] Dual WAN reliability help needed
>
> Hello! I've been running Shorewall for a few years now, and it's
> performed well.
>
> I have a non-trivial setup, though, and it is rough around the edges
> when trying to deal with it. In particular, I have a dual WAN. One is
> cable modem (DHCP), and another is DSL modem (PPPoE).
>
> What's more, the cable modem is a single IP address that often changes,
> while the DSL modem is a static IP address *range*. There is a "main"
> address that the PPP connection sets up, but it also accepts several
> other nearby addresses. I have this running right now with aliases for
> the ppp0 device.

Currently we have an ADSL line (dynamic IP). We will be getting a new WiMAX line (dynamic IP). I intend to 'bond' both of these lines for users (SOHO environment) to have more bandwidth, and also to provide redundancy, as the ADSL line is a little erratic in my area and we do have outages of a few hours sometimes.

> I've studied this document:
>
> http://shorewall.net/MultiISP.html
>
> There are 3 main problems I have:
>
> 1) If the router is rebooted while either the cable or the DSL is down,
> Shorewall won't come up. It requires *both* interfaces to be fully
> active before Shorewall will start. If either is down, my firewall is
> DOA, requiring manual intervention.

Will my new setup (dynamic IP only for both connections) also be affected by this problem?

> I was hoping to set up a dual WAN setup for redundancy and safety, and
> unfortunately instead, this makes it *more* brittle.
>
> 2) Shorewall is a one-shot deal: it exists just to configure the
> kernel's firewall settings. There's no active monitor that can stay
> around and take care of things if either the cable or the DSL goes down.

Can't the swping or lsm scripts help? If anyone has a similar setup (two internet lines, both dynamic IP) working, I would like to learn how you did it.

Thanks,
marco.