Gentoo Forums
Dual External NIC Firewall/Router
Bellrang QT
Tux's lil' helper

Joined: 16 May 2003
Posts: 81

Posted: Wed Jan 28, 2004 2:14 am    Post subject: Dual External NIC Firewall/Router

Here's my situation:

My university currently has a packet shaping / priority queue system in place to help equally share our bandwidth during peak hours. At times, this can be quite painful. Since the shaping is done per IP address, I'm thinking that I could possibly increase my browsing speeds if I could direct web requests through two IPs simultaneously.

So here's my thinking:

Could I set up a router that had two "external" NICs (plugged into my school's ethernet)? Then a single NIC on the inside of the router would be plugged into my private LAN and would share the requests for outside pages over the two NICs (thus *almost* doubling my priority in the packet shaping queue).

Possible? Impossible? Ideas? This doesn't have to be a Gentoo solution (a floppy distro router/firewall would actually be really cool - I have hard drives just spinning aimlessly). Would the Mandrake Multi-network firewall package be able to accomplish something like this? I'm open to lots of ideas.

To throw one curveball - my webserver is inside the private LAN. I would need to be able to forward ports through at least one of the ports (although being able to forward port 80 on one external IP to a certain box internally and 80 on the other nic to a different box - all on the same router - would be awesome!)
_________________
I <3 forums.gentoo.org
ckdake
l33t

Joined: 10 Apr 2003
Posts: 889
Location: Atlanta, GA

Posted: Wed Jan 28, 2004 2:37 am

It sounds very possible to me. I have never heard of someone doing it, so I don't know if one of the firewall-based distributions would be set up to do that easily or if you are better off just doing the rules yourself. I don't know about how it would balance HTTP GET requests, but you should be able to balance the actual traffic. Will your school really give you two IP addresses though?
_________________
http://ckdake.com/
Bellrang QT
Tux's lil' helper

Joined: 16 May 2003
Posts: 81

Posted: Wed Jan 28, 2004 3:32 am

ckdake wrote:
It sounds very possible to me. I have never heard of someone doing it, so I don't know if one of the firewall-based distributions would be set up to do that easily or if you are better off just doing the rules yourself. I don't know about how it would balance HTTP GET requests, but you should be able to balance the actual traffic. Will your school really give you two IP addresses though?

Yeah... our systems all get "registered" to our ID here... we can have something like 6 or 7 IPs... I know it seems crazy.
_________________
I <3 forums.gentoo.org
ckdake
l33t

Joined: 10 Apr 2003
Posts: 889
Location: Atlanta, GA

Posted: Wed Jan 28, 2004 3:53 am

That is incredibly amazing. I go to GT and when I lived on campus each dorm was a C block and we each got one IP and supposedly weren't allowed to use routers but I won't get into that. Multiple IP addresses would have been soooo nice. Are your IP addresses public?

also
Quote:
To throw one curveball - my webserver is inside the private LAN. I would need to be able to forward ports through at least one of the ports (although being able to forward port 80 on one external IP to a certain box internally and 80 on the other nic to a different box - all on the same router - would be awesome!)


That should be absolutely no problem at all to forward ports that way. You would have "one router" so to say, but all that really matters is the interfaces so you could forward and move around traffic between any of them any way you wanted to.
_________________
http://ckdake.com/
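
An added example, not written by any poster in this thread: a shell script that generates an `iptables-restore` ruleset forwarding port 80 on each external NIC to a different internal host, with a default-drop FORWARD chain and connection marks so replies leave through the NIC the request arrived on. The interface names, LAN hosts, gateways (documentation addresses) and routing table numbers are all assumed placeholders.

```sh
# Added example. All names and addresses are constructed placeholders.
EXT_A=eth0; EXT_B=eth1; LAN_IF=eth2          # two external NICs, one LAN NIC
WEB_A=192.168.1.10; WEB_B=192.168.1.20       # internal web servers
GW_A=192.0.2.1; GW_B=198.51.100.1            # upstream gateway per external NIC

# Print an iptables-restore ruleset; nothing is applied by this function.
gen_rules() {
cat <<EOF
*mangle
:PREROUTING ACCEPT [0:0]
# Remember which external NIC each new inbound connection arrived on
-A PREROUTING -i $EXT_A -m conntrack --ctstate NEW -j CONNMARK --set-mark 1
-A PREROUTING -i $EXT_B -m conntrack --ctstate NEW -j CONNMARK --set-mark 2
# Replies from the LAN get the connection's mark back as a packet mark
-A PREROUTING -i $LAN_IF -j CONNMARK --restore-mark
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Same port, different external NIC, different internal box
-A PREROUTING -i $EXT_A -p tcp --dport 80 -j DNAT --to-destination $WEB_A:80
-A PREROUTING -i $EXT_B -p tcp --dport 80 -j DNAT --to-destination $WEB_B:80
-A POSTROUTING -o $EXT_A -j MASQUERADE
-A POSTROUTING -o $EXT_B -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -j ACCEPT
# Only the two forwarded web ports are reachable from outside
-A FORWARD -i $EXT_A -o $LAN_IF -p tcp -d $WEB_A --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $EXT_B -o $LAN_IF -p tcp -d $WEB_B --dport 80 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# Print the policy-routing commands that send marked replies out the right NIC.
gen_routes() {
cat <<EOF
ip rule add fwmark 1 table 101
ip route add default via $GW_A dev $EXT_A table 101
ip rule add fwmark 2 table 102
ip route add default via $GW_B dev $EXT_B table 102
EOF
}
```

To apply as root, run `gen_rules | iptables-restore` and then `gen_routes | sh`; forwarding also requires `net.ipv4.ip_forward=1`.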
Bellrang QT
Tux's lil' helper

Joined: 16 May 2003
Posts: 81

Posted: Wed Jan 28, 2004 5:06 am

Yeah, the IPs are public too :)

Congrats on post 500.

I guess I'll have to look into things this weekend a little more.
_________________
I <3 forums.gentoo.org
tripmcneely187
n00b

Joined: 10 Dec 2003
Posts: 5
Location: Iowa

Posted: Wed Jan 28, 2004 5:39 am

Are you at Iowa State by any chance? That bandwidth sharing thing sounds familiar
Bellrang QT
Tux's lil' helper

Joined: 16 May 2003
Posts: 81

Posted: Wed Jan 28, 2004 7:16 pm

tripmcneely187 wrote:
Are you at Iowa State by any chance? That bandwidth sharing thing sounds familiar

Indeed
_________________
I <3 forums.gentoo.org
TheCoop
Veteran

Joined: 15 Jun 2002
Posts: 1814
Location: Where you least expect it

Posted: Wed Jan 28, 2004 7:54 pm

Have a look at Shorewall; it is a very powerful iptables wrapper that can do anything iptables can.
_________________
95% of all computer errors occur between chair and keyboard (TM)

"One World, One web, One program" - Microsoft Promo ad.
"Ein Volk, Ein Reich, Ein Führer" - Adolf Hitler

Change the world - move a rock