Dual-WAN/ISP Router on Hardened Gentoo Linux - Part 1
Jason Muskat
Director and Principal Enterprise Cybersecurity Architect & Consultant: Cloud, Data Protection & Encryption, Cybersecurity, Governance, and Privacy
My VDSL Internet connection was down for a week after an accident someplace smashed apart several fibre nodes. Luckily, I had implemented a BCP/DR plan of using an LTE-based Internet connection as a backup; however, the provisioned 20 Gb bucket only lasted a couple of days. I needed a new, working Internet connection quickly.
I immediately started looking at other ISPs for a value DOCSIS-based Internet connection. As this would be a backup Internet connection for BCP/DR purposes, I wanted to ensure diversity of ISPs and of delivery technologies. Using the same ISP and/or delivery technology for both Internet connections would be haphazard because this would create a single point of failure. I.e., should that ISP and/or delivery technology have an outage, both Internet connections could go down.
I found a value ISP and ordered their most popular DOCSIS-based Internet connection as a backup to my premium VDSL-based Internet connection. There are several notable practical differences between a VDSL and a DOCSIS Internet connection, as well as in the local ISP implementation of each. I will write about this in the future should people be interested.
After the working DOCSIS-based Internet connection was set up at my premises, I initially configured my Hardened Gentoo Linux router to route all Internet traffic through the new Internet connection. Now an interesting challenge presented itself: How can I set up Linux with 2 default gateways? Generally, a system cannot have 2 default gateways, but that is exactly what I now needed.
For 99.99999999% of people, they should just purchase a dual-WAN router and forget about the rest. For me, I enjoy Linux very much and my Hardened Gentoo Linux router can be configured and scripted to do whatever is needed, and that is what I did. I set up Linux and various network daemons, created scripts and automated everything. The solution I built is perfect for my needs and works great.
Part 2 Forward
The rest of this series will highlight important related configurations and settings so that you can experiment and create your very own Dual-WAN Dual-ISP Linux routing solution. So order your backup Internet connection and follow this series to help get prepared should your main Internet connection go down.
In Part 2 we will set up Linux's Connection Tracking to include which interface an inbound connection entered from, important command lines, and more.
2 years ago
Part 1: https://www.dhirubhai.net/pulse/dual-wanisp-router-hardened-gentoo-linux-part-1-jason-muskat/
Part 2: https://www.dhirubhai.net/pulse/dual-wanisp-router-hardened-gentoo-linux-part-2-marking-muskat/
Part 3: This week..