Loadbalancing between two isp uplinks

Hi guys,

I have a networking question I could not find an answer for with
google.

We have currently at work two ISP boxes(routers), i want to setup a
firewall to protect an intranet on a local host. The problem is that
not every one is using the same router.

Here is my question: how can i do to make all traffic be sent to one
location (firewall-loadbalancer) then the loadbalancer switchs
automatically between the two routers .

I am not an expert in networking just basic knowledge of subnets ip
addressing and firewalling (iptable), I am an advanced linux user
however.


Chakib.B

On 2011-05-17, chakib.B <(E-Mail Removed)> wrote:
> Hi guys,
>
> I have a networking question I could not find an answer for with
> google.
>
> We have currently at work two ISP boxes(routers), i want to setup a
> firewall to protect an intranet on a local host. The problem is that
> not every one is using the same router.
>
> Here is my question: how can i do to make all traffic be sent to one
> location (firewall-loadbalancer) then the loadbalancer switchs
> automatically between the two routers .
>
> I am not an expert in networking just basic knowledge of subnets ip
> addressing and firewalling (iptable), I am an advanced linux user
> however.
>
Can't you just set your loadbalancer as default gateway?

On May 17, 11:01*am, "chakib.B" <spykspy...@gmail.com> wrote:
> Hi guys,
>
> I have a networking question I could not find an answer for with
> google.
>
> We have currently at work two ISP boxes(routers), i want to setup a
> firewall to protect an intranet on a local host. The problem is that
> not every one is using the same router.
>
> Here is my question: how can i do to make all traffic be sent to one
> location (firewall-loadbalancer) then the loadbalancer switchs
> automatically between the two routers .
>

Change the dhcp server configuration so that the default gateway for
workstations points at the internal private interface of the firewall,
then manually configure the default gateways of your servers.

Then how to configure load balancing will be propietary to your
firewall, so I can't really help you.

OR-

If you were using linux as your firewall, I would just use 2 firewalls
(hardware is cheap), crossover cable them to the routers and set up
dhcpd to round robin the client workstations between them (set the
dhcpd address pools so that each firewall hands out every other
address). That will get you load balancing inbound as well as
outbound. You can tune it by moving indevidual pool addresses from one
firewall to the other.

Set the expire time for dhcp short, and to an odd number, like 13
minutes on the first firewall, and 17 minutes on the second. (people
tend to turn on their computers at the same time at the beginning or
end of the hour, odd intervals will help balance network load) Then
set up a second configuration file for dhcpd with the FULL address
pool on both servers, and write a script so that each server pings the
other and swaps to the full pool if they can't reach eachother. If you
make the script ping your WAN links as well, you will get automatic
fail over from the firewall private interface, all the way to the end
of the WAN link, all without having to mess with HSRP, or active
routing, or grabastic third party firewall software.

Or something

>
> I am not an expert in networking just basic knowledge of subnets ip
> addressing and firewalling (iptable), I am an advanced linux user
> however.
>
> Chakib.B

On May 17, 4:01*pm, "chakib.B" <spykspy...@gmail.com> wrote:
> Hi guys,
>
> I have a networking question I could not find an answer for with
> google.
>
> We have currently at work two ISP boxes(routers), i want to setup a
> firewall to protect an intranet on a local host. The problem is that
> not every one is using the same router.
>
> Here is my question: how can i do to make all traffic be sent to one
> location (firewall-loadbalancer) then the loadbalancer switchs
> automatically between the two routers .
>
> I am not an expert in networking just basic knowledge of subnets ip
> addressing and firewalling (iptable), I am an advanced linux user
> however.
>
> Chakib.B

Dear Chakib.B,

for the setup you will require a machine with 3 lan cards.

2 wan connections (isp)
1 lan connection (to serve your network)
OS options: ClearOS 5.2
install it on your machine and when you are configuring networking
part, you will see the option for multi WAN links configure
accordingly. from there you can add bandwidth (provided by your ISP)
per link. you can download ClearOS from http://www.clearfoundation.com/.
it has all the features you will ever need (check all the features on
the http://www.clearfoundation.com/Software/overview.html page.

Network Features

Multi-WAN
VPN - PPTP, IPsec, OpenVPN
DMZ and 1-to-1 NAT
Stateful Firewall
Local DHCP and DNS Servers

its a web based linux distro, based on CentOS 5.x so its fairly easy
and also its very well documented.

let me know how it goes if you ever try this.

Regards
-bunto

On May 17, 7:01*am, "chakib.B" <spykspy...@gmail.com> wrote:
> Hi guys,
>
> I have a networking question I could not find an answer for with
> google.
>
> We have currently at work two ISP boxes(routers), i want to setup a
> firewall to protect an intranet on a local host. The problem is that
> not every one is using the same router.
>
> Here is my question: how can i do to make all traffic be sent to one
> location (firewall-loadbalancer) then the loadbalancer switchs
> automatically between the two routers .
>
> I am not an expert in networking just basic knowledge of subnets ip
> addressing and firewalling (iptable), I am an advanced linux user
> however.
>
> Chakib.B

Hi,

I suggest you to set the default gateway of your lan to the firewall's
lan IP, then, you can use a routing protocol between the firewall and
the two routers and you need the primary router to advertise the route
to 0.0.0.0 /0.0.0.0 with an administrative distance lowest than the
backup router, and configure the failover into the routing protocol.
You can use OSPF or RIPv2 with Zebra under linux. Under this
implementation the firewall will be the default gateway for the lan's
host. You need also to isolate the traffic between the routers and the
firewall using vlans if you have all in the same switch.

Another way to do it is to see if the routers support VRRP or HSRP,
this can be effective and you would only need a default gateway in the
network for all devices. Don't forget to use the Firewall as bridge
mode.

Regards,
Francis