> Hi guys,
> I have a networking question I could not find an answer for with
> We have currently at work two ISP boxes(routers), i want to setup a
> firewall to protect an intranet on a local host. The problem is that
> not every one is using the same router.
> Here is my question: how can i do to make all traffic be sent to one
> location (firewall-loadbalancer) then the loadbalancer switchs
> automatically between the two routers .
Change the dhcp server configuration so that the default gateway for
workstations points at the internal private interface of the firewall,
then manually configure the default gateways of your servers.
Then how to configure load balancing will be propietary to your
firewall, so I can't really help you.
If you were using linux as your firewall, I would just use 2 firewalls
(hardware is cheap), crossover cable them to the routers and set up
dhcpd to round robin the client workstations between them (set the
dhcpd address pools so that each firewall hands out every other
address). That will get you load balancing inbound as well as
outbound. You can tune it by moving indevidual pool addresses from one
firewall to the other.
Set the expire time for dhcp short, and to an odd number, like 13
minutes on the first firewall, and 17 minutes on the second. (people
tend to turn on their computers at the same time at the beginning or
end of the hour, odd intervals will help balance network load) Then
set up a second configuration file for dhcpd with the FULL address
pool on both servers, and write a script so that each server pings the
other and swaps to the full pool if they can't reach eachother. If you
make the script ping your WAN links as well, you will get automatic
fail over from the firewall private interface, all the way to the end
of the WAN link, all without having to mess with HSRP, or active
routing, or grabastic third party firewall software.
> I am not an expert in networking just basic knowledge of subnets ip
> addressing and firewalling (iptable), I am an advanced linux user