Sorry, i'm pretty outdated with current software trends for router. What is the relations between virtual IP and squid ? Do you mean:


For a) it's quite obvious, you'll need to set router as gateway for squid proxy.
In b) case, you'll need NAT.
For Linux with iptables, see:
http://tldp.org/HOWTO/TransparentProxy-6.html#ss6.2

Mind you that load sharing for internet is not perfect. The correct implementation requires you to install load-balancer at the both side, and not CPE side only. Eg:

This way, you'll be guaranteed to get bandwidth of WAN1 + WAN2. But, if you install the load-balancer for CPE side only, most likely you'll never get the speed of WAN1+WAN2. (An analogy is single-core vs dual-core CPU, you'll not get 4GHz CPU if you get 2GHz dual-core). Also there is a few problems you'll need to cater with.(And yes, things can become really ugly...static routes, alternative routes, Dead Gateway Detection, NAT, etc)
http://lartc.org/lartc.html#LARTC.RPDB.MULTIPLE-LINKS

PS: Ugh, it's hard to draw ascii in here

First, let's redraw the diagram:

To simplified, what you want is to route based on tcp port number. I'm not sure what OS you're using but it can be done as follow (in Linux iptables lingo):

1 - use NAT to redirect tcp destination port(dport) 80 to 3128(squid port). You'll also need MASQ/DNAT here for return packet...
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128

2 - use packet mangle, set all traffic with tcp dport 80 to some MARK value(let say 2).
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 2

3 - use iproute2 to route all traffic marked with 2 to pass through WAN2
echo 202 www.out >> /etc/iproute2/rt_tables
ip rule add fwmark 2 table www.out
ip route add default via WAN2_IP_ADDR dev wan2 table www.out
ip route flush cache

Well, quite interesting setup you have there.. I'm not sure if my instruction work or not(as i never test that) but i think it will. You may need to change/play around it to test. Feedbacks are welcomed. After all, i'm still n00bish in this kind of things

EDITED:-- after some re-read i think my packet mangling section is wrong... We should mark packet output from squid not incoming. So, the question is how to mark packet outputted from squid ?...

EDITED:-- Some answers:
http://lists.netfilter.org/pipermail/netfi...ril/060108.html
http://www.squid-cache.org/mail-archive/sq...00505/0698.html

This post has been edited by mokona_modoki: Nov 3 2006, 12:00 AM

Just some general knowledge
This diagram should describe how Linux route packet. Should be useful if you want to play with iptables, traffic control, shaping etc...

http://l7-filter.sourceforge.net/PacketFlow.png

In former problem:
No, there is no need for squid patching. My mangle rule is wrong, the correct one is already answered in the mailing list. That is change from:
iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 2
to
iptables -A OUTPUT -t mangle -p tcp --dport 80 -j MARK --set-mark 2
For a while i was confuse with chain OUTPUT because i guess it evaluated after routing already done, but the truth is not. See http://l7-filter.sourceforge.net/PacketFlow.png to see how routing is decided.
After that, just follow for the rest.

Current setup:
- I would prefer the former rather than later as it's cleaner approach. If you decide to use this setup, you'll need to mark every packet except tcp dport 80. This would also increase unnecessary processing overhead. But the concept is still the same:
- route only happen at IP layer, so it don't know about TCP port number. So it needs help from iptables.
- iptables know about TCP layer, so it can check the source/dest port for each packet. To work with route, iptables will mark the necessary packet with special "tag".
- route see packet with special "tag", send them to correct interface (eg: wan2).

Notes:
- iptables know nothing about application layer. So if you want up to application control(eg: http only, not port 80 tcp), then you'll need another piece of software. (Eg: snort-inline). But remember, the higher TCP layer you use, the higher processing overhead would occur. So, for this example i'll just use tcp port 80 which should be adequate.

If your card support hostap, it can be converted to Access Point.
http://hostap.epitest.fi/

I see, so what you want is High-Availability(HA) not High Performance(HP). If i recall correctly, you'll need a daemon to monitor line status. If fail, then failover.. maybe this site could help you:
http://www.linux-ha.org/

Generally, it depends on your system bottleneck, ie: CPU bound(cpu too slow) or I/O bound(slow harddisk). Also, type of file (few large files, or lot of small files.) For me, i'll choose JFS or XFS, depend on those criteria.

Some good review:
http://linuxgazette.net/122/TWDT.html#piszcz

Yeah, that is a thing of past
NTFS-3g should be "safe enough" for most operation. Read, write, delete.. most of it works without any problem. I've been using it on laptop for sometimes already, though i don't recommend it for servers... The only missing feature is defrag or repair NTFS.