2

I recently began to work in this organization. We have 4 separate ADSL links, so people connect to the nearest WiFi, resulting in usage inequality. I was about to change the links to a fiber link, but it won't be possible this year. So what I want to achieve is the following:

  • The server balances the load between the links.
  • The server would also work as firewall to block access to certain sites.
  • Ideally it would implement a cache like squid.

I want to purchase a server; it has 1 network card with 2 ports. I'd configure the interfaces like this:

  • eth0: 192.168.1.254
  • eth1: 192.168.2.1

To balance the load between the links, my idea is the following:

                  |      |-- 192.168.2.254 
      eth0  eth1  |      |-- 192.168.2.253
|LAN|--|Server|---|Switch|
                  |      |-- 192.168.2.252
                  |      |-- 192.168.2.251

I don't have experience with this, so I'd like to know: is this possible, taking into account that the network card would have just two ports and that for the server OS I'm considering pfSense or a Linux distribution?

Thank you in advance.

  • Yes, it is possible. http://lartc.org/howto/lartc.rpdb.multiple-links.html It can be pretty tricky to set up. There are multi-link devices you can buy that will do this for you. – Zoredache Oct 03 '13 at 18:10
  • pfSense is multi-lan/sharing capable, VLAN aware to deal with your need for 5 connections on two ports, and has Squid as a package install - should do what you need, on the budget you are dealing with. – Ecnerwal Oct 03 '13 at 18:55
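
As an added example (not part of the original post or its comments): the equal-weight multipath default route that the LARTC guide linked above is built on, for the four gateways and eth1 from the question. The function names, the ping probe and the weights are assumptions for illustration.

```shell
#!/bin/sh
# Constructed from the question: four ADSL routers reachable through eth1.
WAN_IF="eth1"
GATEWAYS="192.168.2.254 192.168.2.253 192.168.2.252 192.168.2.251"

# Succeeds when the gateway answers one ping within one second.
gateway_alive() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# Print the gateways from the argument list that pass gateway_alive.
live_gateways() {
    for gw in "$@"; do
        if gateway_alive "$gw"; then printf '%s ' "$gw"; fi
    done
}

# Print the iproute2 arguments for a multipath default route: one
# equal-weight nexthop per gateway. Fails when no gateway is given, so a
# total outage never replaces the default route with an empty one.
route_args() {
    [ "$#" -gt 0 ] || return 1
    printf 'replace default scope global'
    for gw in "$@"; do
        printf ' nexthop via %s dev %s weight 1' "$gw" "$WAN_IF"
    done
    printf '\n'
}

# "apply" installs the route (needs root); anything else is a dry run
# that prints the command for all configured gateways without probing.
case "${1:-}" in
    apply)
        args=$(route_args $(live_gateways $GATEWAYS)) || {
            echo "no gateway reachable, leaving routes unchanged" >&2
            exit 1
        }
        ip route $args
        ;;
    *)
        echo "ip route $(route_args $GATEWAYS)"
        ;;
esac
```

The kernel spreads traffic across the nexthops per connection or destination, not per packet, so a single transfer still uses one link.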

3 Answers

4

Yes, it is possible; both pfSense and some Linux-based firewall distributions can do it. As Zoredache mentioned, there are quite a few hardware products which will do what you want as well.

Here's a link to the pfSense documentation regarding this sort of setup: pfSense Multi-WAN

Chris S
3

I would use an appliance approach to this rather than relying on a server. Something like an Elfiq LB-600E or Elfiq LB-800E will be a more flexible link-balancer for your purposes. It should cost slightly more than a quality server, but you free yourself from the server hardware/OS hardware dependency.

I know you're looking for all-in-one, but sometimes it makes sense to separate disparate functions. I wouldn't want my caching server to be my firewall, for instance...

ewwhite
  • How specifically would those models be more flexible link-balancers than a server? – Chris S Oct 03 '13 at 18:23
  • 1
    They have solid alerting, a bypass mode (that defaults to a primary connection), session and protocol persistence, 8+ load balancing algorithms and can handle inbound and outbound load balancing. – ewwhite Oct 03 '13 at 18:28
1

You can also do this with ssh and bonding. http://simonmott.co.uk/vpn-bonding

suprjami