LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-04-2014, 12:18 PM   #1
darkmode
LQ Newbie
 
Registered: Mar 2014
Posts: 5

Rep: Reputation: Disabled
Lightbulb Firewall with load balancing feature


Hi Guys,

I need to setup a proxy/firewall that has some built in traffic statistics and useful reporting. I am looking at IPcop, pfSense, Clear OS etc....

The catch is that I need to load balance between 4 ADSL lines on the same box(I have a NIC with 4 ports). Any suggestions how I should go about this? Ideally one of the above mentioned proxy/firewalls have a build in feature to load balance between 4 NICs.

Thanks
Darkmode
 
Old 03-04-2014, 03:15 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,893

Rep: Reputation: 163Reputation: 163
You can use bonding interface to load balance on 4 NIC. Most Linux distribution should support it.
 
Old 03-04-2014, 03:24 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,245

Rep: Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654
I can't find the page I was looking for most the bsd's have had that feature for quite some time. Pretty sure one or more of the choices you have has a web site page devoted to it. (I think)

Just to be sure, you want load balancing or possibly fail over too?
 
Old 03-04-2014, 03:30 PM   #4
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694
Without knowing more, its hard to give a specific answer.

You can do a search of 'broadband bonding' to find out how others have approached the issue.
 
Old 03-06-2014, 08:49 AM   #5
darkmode
LQ Newbie
 
Registered: Mar 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
Thanks for the input guys.

Jefro: Not fail over, the current setup is 4 DSL lines that are load balanced with a tp-link load broadband load balancer. It doesn't work well,
I don't think the load balancing would be much of a problem. Probably 4 different route tables with equally weighted default routes should do the trick?

I am more curious about which proxy to use?
I'm considering just doing my own thing from scratch. Maybe squid with SARG? Is there anything else that provides nice reporting?

Thanks
 
Old 03-06-2014, 08:55 AM   #6
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694Reputation: 1694
Before i go into great detail about this,.. do you have a preference of what OS to use? If not, im going to explain in redhat(more people are likely to run into this article and be familiar with RH).. although in reality i would use OpenBSD.

That cool?
 
Old 03-06-2014, 09:07 AM   #7
darkmode
LQ Newbie
 
Registered: Mar 2014
Posts: 5

Original Poster
Rep: Reputation: Disabled
I'm fairly new to the linux world and am currently using debian.
I don't mind you explaining in any distro, as long as I get the logic I'l manage.

Appreciate your help
 
Old 03-06-2014, 03:20 PM   #8
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,893

Rep: Reputation: 163Reputation: 163
Following link can help you configure bonding interface on Debian. You can choice different mode for load balance.
http://linux-on-a-server.com/ethernet-nic-bonding/
 
Old 03-06-2014, 07:50 PM   #9
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,245

Rep: Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654Reputation: 3654
Might as well look at untangle as a choice.


https://doc.pfsense.org/index.php/Multi-WAN_2.0

For an example on pfsense.


The choices you have are common ones that a person might consider.
 
Old 03-12-2014, 10:40 AM   #10
nikmit
Member
 
Registered: May 2011
Location: Nottingham, UK
Distribution: Debian
Posts: 178

Rep: Reputation: 34
As much as these are links to four different ISPs, your solution needs to ensure all packets from a connection go through the same link, else endless firewall problems will follow. This should be handled OK by bonding interfaces in balance-xor mode. Protocols which dynamically generate connections, like FTP and H.323 will likely break however in any scenario involving more advanced firewall inspection in the packet path.

It is probnably worth noting that even if you administer the remote end of all required connections, as would be the case with a mesh of remote offices and no access to the Internet outside, loadbalancing 4x 1Gbps interfaces will not give you 4Gbps speed - it will only allow more users to connect at 1Gbps without overloading the link.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
stateful packet inspection firewall using netfilter hooks with load balancing deepamn Programming 2 12-16-2009 07:58 PM
Hardware firewall - to infrastructure with load balancing dlugasx Linux - Hardware 2 07-31-2009 11:59 AM
Internet gateway, router, firewall, and load balancing traigo Linux - Networking 2 11-24-2008 03:57 AM
Adding |Load Balancing to IPTables Firewall patpawlowski Linux - Networking 1 11-21-2005 10:42 AM
Firewall/Router+Load Balancing anyone? Pentagon Linux - Security 4 09-22-2003 04:00 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 07:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration