Re: multipath routing

Linux Advanced Routing and Traffic Control

<snip>
I have a private lan that is connected to the world via 3 dsl lines.  I put
up a linux box that handles all the dsl lines, lan gateway and all is
working well...until...one of the dsl lines goes down.  My routing table is:

x.x.x.x dev ppp0  proto kernel  scope link  src x.x.x.x
x.x.x.x dev ppp1  proto kernel  scope link  src x.x.x.x
x.x.x.x dev ppp2  proto kernel  scope link  src x.x.x.x
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.1
255.255.255.0/24 dev eth0  scope link
169.254.0.0/16 dev eth0  scope link
127.0.0.0/8 dev lo  scope link
default equalize
       nexthop via x.x.x.x  dev ppp0 weight 1
       nexthop via x.x.x.x  dev ppp1 weight 1
       nexthop via x.x.x.x  dev ppp2 weight 1

When one of the dsl lines has trouble (temporarily loses sync, etc), the
kernel takes the entire default route out until the line comes back up.
When the line comes up, it puts a single default route back in instead of
the multipath route.  If I can make it so the multipath route is maintained
even when one of the dsl lines goes down, that would be great.  Is there a
way to have just one of the hops removed from the default multipath while
the line is down and then reinserted back in as a hop in the multipath
route?  Thanks for any input.

-Chris
</snip>


Do you have the stateful firewall settings in your script?

According to nano.txt
http://www.ssi.bg/~ja/nano.txt

"At least for netfilter (not sure for ipfwadm/ipchains), the firewall
must be stateful. This can be done by:

                iptables -t filter -N keep_state
                iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED \
                                 -j ACCEPT
                iptables -t filter -A keep_state -j RETURN

                iptables -t nat -N keep_state
                iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED \
                                 -j ACCEPT
                iptables -t nat -A keep_state -j RETURN

and calling this at the beginning of the script:

                iptables -t nat -A PREROUTING -j keep_state
                iptables -t nat -A POSTROUTING -j keep_state
                iptables -t nat -A OUTPUT -j keep_state
                iptables -t filter -A INPUT -j keep_state
                iptables -t filter -A FORWARD -j keep_state
                iptables -t filter -A OUTPUT -j keep_state
"
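
An added example (not part of the original thread or of nano.txt): one way to keep the multipath default route in step with the DSL lines is to rebuild it from the ppp interfaces that currently have a peer address. The function names, the sample addresses and the idea of running it from pppd's ip-up/ip-down hooks are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the multipath default route from the ppp links
# that are currently up. All sample data below is constructed.

# Constructed sample of `ip -o -4 addr show` output with ppp1 down
# (assumption: a ppp link that is down has no peer address line).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
5: ppp0    inet 192.0.2.10 peer 192.0.2.1/32 scope global ppp0
7: ppp2    inet 203.0.113.10 peer 203.0.113.1/32 scope global ppp2'

# Print "dev peer" for every ppp interface that has a peer address.
up_ppp_links() {
    awk '$2 ~ /^ppp[0-9]+$/ {
        for (i = 3; i < NF; i++)
            if ($i == "peer") { sub(/\/.*/, "", $(i + 1)); print $2, $(i + 1) }
    }'
}

# Read "dev peer" lines on stdin and print the ip(8) command that installs
# one nexthop per live link. Prints nothing and returns 1 if no link is up,
# so the caller never installs an empty default route.
build_default_route() {
    hops=''
    while read -r dev peer; do
        [ -n "$dev" ] || continue
        hops="$hops nexthop via $peer dev $dev weight 1"
    done
    [ -n "$hops" ] || return 1
    echo "ip route replace default$hops"
}

# Command that would be generated for the constructed sample.
sample_route_cmd() {
    printf '%s\n' "$SAMPLE_ADDRS" | up_ppp_links | build_default_route
}

# On the router itself (assumption: called from /etc/ppp/ip-up and ip-down):
#   cmd=$(ip -o -4 addr show | up_ppp_links | build_default_route) && $cmd
```

The routing table in the question also carries the `equalize` keyword after `default`; it can be added to the generated command in the same position.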
