MultiWAN: Final Notes

There are a few things not covered in this tutorial that you should consider:

  1. Firewalling – In this basic state your new router will obediently forward packets irrespective. Don’t assume because you have NATing adsl modems that your router is protected. NAT is not a firewall and can be broken. In our case we chose to use shorewall with a few modifications to the two interface setup. This was especially important given this router also acted as a proxy and VPN tunnel IT HAD TO BE SAFE.
  2. DHCP – If you need to setup a DHCP server edit /etc/dhcp3/dhcpd.conf (see man dhcpd.conf). Remember that if you are using eth1 in more than one subnet you need to use the shared-network option.
  3. Check out your routing tables with the command: ip route show table MyTable (or main for the primary).
  4. There is a lot of automatic networking changes going on in these scripts make sure you can restart the service and the machine with out any problems.

This example tutorial only touches on some of the simple things that can be done with iproute2. There are many much more complex configurations you can try. The most obvious for me is traffic control and QoS to ensure bandwidth for each voice session. If you are using this setup in the same way, before you go jumping into tc/qos, do some research on how your ISP handles those packet flags. On ADSL once the packet leaves the local network, most ISPs leave it to normal contention over their backhaul and out onto the internets meaning that your local management does nothing but give you street cred for working it out. If that’s worth it.

<- The Example | Comments and Feedback ->

Return to Summary Page

Comments are closed.