New Zealand ADSL Mailing List


Re: Two ISPs, two static IPs and two servers

From: Jason Chuang <jchuang_at_xtra.co.nz>
Date: Wed, 1 Sep 2004 00:42:14 +1200
Message-ID: <001301c48f57$f1a89320$1302a8c0@jasonhome>

Tony,

Not sure what the capabilities are of the SonicWall, but basically you need
to put in something like a network load balancing switch (generally these
are expensive - I am not sure if you can do this in software on a Linux
box). This would become your default gateway and would sit between the
Sonicwall and the 2 "WAN" connections. Most NLB Switches (or Layer 4-7
switches) are smart enough to maintain session information and route traffic
appropriately.

Have a look at http://www.xincom.com/papers/inbound_loadBalancing.html or
http://www.foundrynetworks.com/products/webswitches/serveriron/index.html

Another possibility is to try the following (assuming the Sonicwall supports
this)

Configure multiple VLAN "External" interfaces on the Sonicwall External
interface - one for each WAN connection (so they will have different
IPs/subnets) - I am quite certain I can do this on my Netscreen 50 (but
haven't tried it). Also matching VLAN "Internal Interfaces".
Flow that down through to the Web servers by having multiple NICs (physical
or virtual) with default gateways that point back to the appropriate FW
interfaces and configure your FW policies appropriately.
For redundancy you could set up secondary routes and DNS entries with a
higher cost.

Can be quite messy to manage and requires the Sonicwall to be able to handle
some advanced networking features but is a cheap solution if it does.

Hope this helps

Cheers

Jason

----- Original Message -----
From: "Tony Paterson" <Tony.Paterson@salestech.co.nz>
To: "Mailing List ADSL (E-mail)" <adsl@lists.unixathome.org>
Sent: Tuesday, August 31, 2004 6:33 PM
Subject: RE: Two ISPs, two static IPs and two servers

>
>
> That is exactly how I see the problem, I have an idea on how to get around
> it in this situation, but all my other ideas have not panned out so any
> suggestions welcome.
>
> Thanks
>
> -----Original Message-----
> From: Jeff McLuckie [mailto:wasabi2k@paradise.net.nz]
> Sent: Tuesday, 31 August 2004 6:25 p.m.
> To: Tony Paterson
> Subject: RE: Two ISPs, two static IPs and two servers
>
>
> As far as I know you can't have a box going out through a different gateway
> than the request came in, or the client receives an ack from an ip it never
> sent a syn to, hence no connection.
>
> The connection has to go in and out through the same gateway
>
> -----Original Message-----
> From: owner-adsl@unixathome.org [mailto:owner-adsl@unixathome.org] On Behalf
> Of Tony Paterson
> Sent: Tuesday, 31 August 2004 7:48 a.m.
> To: Mailing List ADSL (E-mail)
> Subject: Two ISPs, two static IPs and two servers
>
> Hi,
>
> My head's been running round in circles on this and just wanted to make sure
> that I was looking at it the right way.
>
> We already have a full rate JetStream connection and have just added Wired
> Country in order to get a second static IP and some redundancy.
>
>
> Current config:
>
> SonicWall FireWall/VPN
> - WAN, LAN and DMZ connections
>
> JetStream (Full rate)
> - Static IP
> - Nokia M1122
> - WAN side of SonicWall
> - HTTP/SSH etc point to Linux box
>
> WiredCountry
> - Static IP
> - DLink router
> - WAN side of SonicWall
>
> Linux Server
> - Using IPTables for routing
> - CVS, Apache etc
> - WAN side of SonicWall
>
> Windows Server
> - HTTPS
> - LAN side of SonicWall
>
>
> Problem:
> The default gateway for the linux box is the JetStream connection, and the
> default gateway for the SonicWall is also the JetStream connection. This
> scenario has been working fine.
>
> If I put a web server on the WAN side of the SonicWall and set its default
> gateway to the DLink/WiredCountry connection and set it up as a "Virtual
> Server"/NAT it works fine and is accessible from the Internet. If I create
> another "Virtual Server" on the WiredCountry/DLink connection, which points
> to the linux box, it's not accessible from the Internet, and the same is
> true if I create a "Virtual Server" which points to a port on the SonicWall.
>
> My thinking is that this is all related to Default Gateways and I may need
> to setup another linux box to do NAT/masquerading etc.
>
> Basically I want to be able to point "Virtual Servers"/NAT from both
> JetStream and WiredCountry to the linux box - am I looking at this
> all wrong?
>
> Any suggestions/ideas appreciated.
>
> Yours Tony P
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org
> with "unsubscribe adsl" in the body of the message
>

Received on Wed Sep 1 00:42:33 2004
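
Added example, not part of the thread and not written by any of its participants: one way to give a Linux server with two NICs a separate default gateway per firewall/WAN path, using iproute2 source-based policy routing so replies leave by the gateway the request came in on. The interface names, table numbers and 192.168.x.x addresses are constructed placeholders; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: source-based policy routing for a server with two
# interfaces, one per firewall/WAN path. All names and addresses below
# are constructed placeholders, not values from the thread.

# Emit the iproute2 commands for one uplink.
#   $1 table id   $2 interface   $3 server address on that interface
#   $4 connected subnet (CIDR)   $5 gateway (firewall interface for that WAN)
uplink_rules() {
    table=$1 dev=$2 addr=$3 net=$4 gw=$5
    # Per-uplink table: the connected subnet plus its own default route.
    echo "ip route add $net dev $dev src $addr table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Packets sourced from this address consult that table, so a reply
    # leaves through the same gateway the request arrived on.
    echo "ip rule add from $addr lookup $table priority $((1000 + table))"
}

# Full plan: two uplinks, plus one default route in the main table for
# connections the server opens itself.
dual_wan_plan() {
    uplink_rules 101 eth0 192.168.10.2 192.168.10.0/24 192.168.10.1
    uplink_rules 102 eth1 192.168.20.2 192.168.20.0/24 192.168.20.1
    echo "ip route replace default via 192.168.10.1 dev eth0"
}

# Which routing table would a packet with source address $1 use?
# Derived from the generated rules; falls back to "main" if none match.
table_for_source() {
    dual_wan_plan | awk -v src="$1" '
        $1 == "ip" && $2 == "rule" && $5 == src { print $7; found = 1 }
        END { if (!found) print "main" }'
}

# Print the plan by default; execute it only when APPLY=1 (needs root).
run_plan() {
    dual_wan_plan | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

run_plan
```

After applying, `ip rule show` and `ip route show table 101` list what was installed.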

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:32 2006 EST