Outbound load balancing based on best available bandwidth

    Hi, I’m new to ZeroShell, and very happy with it. Great product.

    I have 2 different internet providers which are load balanced and one Lan interface. Each internet connection has an ADSL modem and firewall, and is exposing private IP addresses to ZeroShell.

    Eth00 – External Internet 1 (Private subnet #1)
    Eth01 – External Internet 2 (Private subnet #2)
    Eth02 – Internal Lan (Private subnet #3)

    Eth00 and Eth01 are NAT’ted together and the Internal Lan can access the internet, and connections are weighted 50:50 as expected (weighting is “1” on both external interfaces).

    My question is….

    Is it possible to set up ZeroShell to Load Balance according to available bandwidth on Eth00 and Eth01? If I’m downloading a big file on Eth00 and this is using (say) 1.5Mbit/sec, can I configure ZeroShell to send all other internet requests to Eth01 until Eth01 is also using more than 1.5Mbit/sec, at which time new requests are sent to Eth00 again… and so on?

    I’m trying to avoid sending requests to an Internet connection that is already swamped.

    Many thanks


    Regarding the original question I should have added:

    The internal Lan (Eth02) connects to a Juniper Firewall, so the devices within the Lan are not visible to ZeroShell. All that ZeroShell sees is the “Untrust” interface on the Juniper. All of the Lan devices are on the Juniper “Trust” interfaces.

    Hey there!
    First of all you can edit your posts to add or correct some info.
    Secondly I think that the only way to load balance so accurately is only by creating a BOND of 2 VPN tunnels to a server on the internet with enough bandwidth. This will be your gateway and the BOND interface will load balance on packet level now, instead of connection level at the load balancer.


    Hi ppalias,

    Thank you for your ideas and comments. Unfortunately I cannot use an external Internet Server to bond with, although I can see how it would solve this issue.

    For now I have created some manual rules for the primary network traffic, and tried to split the rules to each interface.

    I’ll keep looking for a solution based on load. Thank you for your help.

