[Firewall] checking on any multiroute plugin additions people may have written

Tim Miller Dyck tim at peaceworks.ca
Mon Feb 27 00:45:21 CET 2012


I'm going to be using the multiroute plugin for the first time with arno-iptables-firewall 2.0.0.c when we add a second internet connection to one site that has outgrown a single connection.

The default arno-iptables-firewall multiroute script does load-balancing of connections across both interfaces but mentions limitations around link failover (lack of dead gateway detection in the Linux kernel, though kernel patches exist to add this).

I'm wondering if anyone has written any additions to the multiroute script that add additional functionality, e.g.

 - allow configuration of which traffic goes over which link (e.g. by source IP, destination IP, or destination port) instead of just load-balancing across both connections

 - add some level of link monitoring that will direct all traffic to the alternative link and flush route tables if one link goes down


Tim Miller Dyck
Ontario, Canada

