IPCop and Bonding 2 DSL lines

[beatty_t]

I thought it'd be an interesting howto to have IPCop act as the firewall/router for 2 WAN connections to a LAN. Currently here in Waterloo, ON (Canada)... I can get 2 x (6Mb down/800kbps up) connections for a quarter of the cost that a T1 line would be...

Would anyone else be interested in something similar or have something setup that they'd want share? I'm using a 2 WAN router to accomplish this task for now, but I thought it'd be cool to setup IPCop to do it if it's possible.

[falko]

Quote:

Originally Posted by beatty_t

Would anyone else be interested in something similar or have something setup that they'd want share? I'm using a 2 WAN router to accomplish this task for now, but I thought it'd be cool to setup IPCop to do it if it's possible.

This would be really interesting, although I'm quite satisfied with my 16 MBit line for now...

[beatty_t]

Would that be an ADSL2/+ line you have? We won't be getting ADSL2 until maybe 2007 and VDSL in 2008-2009 as far as I can tell (I'm not holding my breath)... It will be rediculously expensive anyway probably... Do you have an idea of where most of the forum members are from?

[falko]

Quote:

Originally Posted by beatty_t

Would that be an ADSL2/+ line you have?

Yes. It's EUR 51.90/month incl. a DSL flatrate and a telephone flatrate (for Germany)(ISDN - no VoIP ). It's fun to download Linux CDs in 6 - 7 minutes. But they could increase the upload bandwidth, I think. It's only 1 MBit/s.

Quote:

Originally Posted by beatty_t

Do you have an idea of where most of the forum members are from?

I think North America and Europe. But I don't know from which countries exactly. We also have users from South America, Africa, Asia, and Australia, but the majority should be from North America and Europe.

[woleium]

I have a colleague that is using pfsense to run a similar setup, It's based on m0n0wall, which is a freebsd firewall distro which has been cleverly modified to use an XML file for config, instead of the /etc folder. m0n0 is based on the 'less is more' concept of security, but pfsense has the ability to add modules (most are in beta atm, with the exception of squid & snort) It also supports CARP (open source version of ciscos HSRP/VRRP), service based traffic shaping and most importantly for you "outgoing load balancing pool"

It is (at the risk of starting a flamewar) widely regarded in the security world to be more secure than it's linux counterparts (ipcop, smoothwall, etc.) & although any deviation from the less is more rule introduces greater opportunity for exploitation, as long as you stick to squid & snort as your only add on packages you should be ok.

W.

[beatty_t]

How am I supposed to get my work done when people send me cool stuff like this to play with (if there was an animated headshake smiley, it would go here)? There are some advanced tutorials on loadbalancing with CARP and routing with multiple WAN.

Thanks a bunch!

I'm not looking to "start a flamewar" either, but do others have any comments on pfsense and security?

[beatty_t]

This might be a stupid question, but as a "shameless wonder" I'll throw it out there anyway... pfsense supports loadbalancing, but in the FAQ it says that it doesn't support fail-over. My question is... if you have loadbalancing setup, would that not also be providing fail-over? Why would you pay for 2 lines to have one sit idle for a "just-in-case" situation when both could be utilized? As I understand, loadbalancing checks to see if the connection is available as well as what the load is right? If there is no connection found, it would automatically push 100% of the flow to the other WAN wouldn't it?...