jmozdzen;2158140 Wrote:
> Hi Kevin,
> is running a squid proxy on the machine an option? Then you might want
> to look at the tcp_outgoing_address option (and make sure your proxy will
> only listen on an internal interface, like if all requests
> originate on the same machine - http_port option)...
> Regards,
> Jens

Hi Jens,

This is a firewall machine. Most requests will originate from somewhere
on the LAN although some could/will originate from this server.

I'm relatively new to Linux with only a few years under my belt. I have
yet to play with a squid proxy or delve into iptables, both of which are
on my to-do list.

I don't think it is too unusual these days to have a second ISP for
backup or load balancing. I have configured a Netgear FVS336G dual WAN
router/firewall for a customer. It provides load balancing and fail-over
but creating rules is very time consuming and the device has throughput
limitations. In my area, the cable company is offering 100 megabit
service which can tax many small routers. I would think a SLES firewall
should be able to provide the capabilities I need and accommodate the
higher throughput. I'm surprised this issue hasn't come up before...

I suspect iptables might be the solution. I'll just have to make some
time to learn a bit more about it. If anyone is interested, I can
recommend a good book. It's well organized and easy to read but there is
a lot of material to digest...

'Novell Press Books - Linux Firewalls, Third Edition'

Thank you for your input.

Kevin Boyle