I want a set-up with a satellite link (eth0) and a cellular cdma link (ppp0) coming into a linux box with a LAN (eth1 or wlan0) to be able to route first through the satellite when it's on, or else the cdma when it's in range. Load sharing is not critical, but it would be nice. The satellite has a static IP, the cdma is dynamic. Both WANs are NAT'd public IPs. The private LAN will be SNAT'd or MASQ'd for access to the internet.
To simplify the situation, I'm simulating the real situation with three ethX's. I have two independent ISPs (static public IPs) and a linux laptop connected via cross-over to the LAN interface.
This is not a new question, but I have done this: I checked the mailing list archives, applied the patches [http://www.ssi.bg/~ja/#routes-2.4] to a 2.4.26 kernel, and read (and applied) the commands from [http://www.ssi.bg/~ja/nano.txt], and set up a bash script to ping via my two WAN interfaces once per minute.
But I've done something wrong, obviously(?).
I suspect a typo or other oversight, but haven't found it yet.
Here are my settings:
root@scyther:~# uname -a
Linux scyther 2.4.26 #2 Fri Apr 16 18:17:31 EDT 2004 i586 unknown unknown GNU/Linux
root@scyther:~# lsmod
Module                  Size  Used by    Not tainted
ipt_state                472   2  (autoclean)
iptable_nat            16280   1  (autoclean)
ip_conntrack           19944   0  (autoclean) [ipt_state iptable_nat]
iptable_filter          1612   1  (autoclean)
8139too                13576   1
mii                     2304   0  [8139too]
tulip                  40832   2
root@scyther:~# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:80:c8:f8:24:1d brd ff:ff:ff:ff:ff:ff
    inet aa.bb.23.183/27 brd aa.bb.23.195 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:80:c8:f8:24:1e brd ff:ff:ff:ff:ff:ff
    inet cc.dd.69.83/27 brd cc.dd.69.95 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:80:c8:f8:24:1f brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:80:c8:f8:24:20 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:e0:f4:11:52:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth4
root@scyther:~# ip rule
0:      from all lookup local
50:     from all lookup main
201:    from aa.bb.23.160/27 lookup 201
202:    from cc.dd.69.83/27 lookup 202
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default
root@scyther:~# ip route
aa.bb.23.160/27 dev eth0  proto kernel  scope link  src aa.bb.23.183
cc.dd.69.64/27 dev eth1  proto kernel  scope link  src cc.dd.69.83
192.168.10.0/24 dev eth4  proto kernel  scope link  src 192.168.10.1
root@scyther:~# ip route show table 201
default via aa.bb.23.161 dev eth0  proto static  src aa.bb.23.183
prohibit default  proto static  metric 1
root@scyther:~# ip route show table 202
default via cc.dd.69.94 dev eth1  proto static  src cc.dd.69.83
prohibit default  proto static  metric 1
root@scyther:~# ip route show table 222
default  proto static
        nexthop via aa.bb.23.161  dev eth0 weight 1
        nexthop via cc.dd.69.94  dev eth1 weight 1
root@scyther:~# cat ping-daemon.sh
#!/bin/sh
#
# ping on interfaces to keep kernel happy
#
while : ; do
    ping -c 1 aa.bb.23.161 > /dev/null 2>&1
    ping -c 1 cc.dd.69.94 > /dev/null 2>&1
    sleep 60
done
root@scyther:~#
root@scyther:~# iptables -v -L
Chain INPUT (policy ACCEPT 1251 packets, 83120 bytes)
 pkts bytes target     prot opt in     out     source               destination
10141 1037K keep_state  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 824 packets, 68747 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1416  142K keep_state  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 7859 packets, 653K bytes)
 pkts bytes target     prot opt in     out     source               destination
16864 1625K keep_state  all  --  any    any     anywhere             anywhere

Chain keep_state (3 references)
 pkts bytes target     prot opt in     out     source               destination
18487 2000K ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
 9934  804K RETURN     all  --  any    any     anywhere             anywhere
root@scyther:~# iptables -v -L -t nat
Chain PREROUTING (policy ACCEPT 1391 packets, 78477 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1391 78477 keep_state  all  --  any    any     anywhere             anywhere

Chain POSTROUTING (policy ACCEPT 7246 packets, 608K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   227 SNAT       all  --  any    eth0    invalid.168.192.in-addr.arpa/24  anywhere           to:aa.bb.23.183
  209 17307 SNAT       all  --  any    eth1    invalid.168.192.in-addr.arpa/24  anywhere           to:cc.dd.69.83
 7246  608K keep_state  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 keep_state  all  --  any    any     anywhere             anywhere

Chain keep_state (3 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere           state RELATED,ESTABLISHED
 8637  687K RETURN     all  --  any    any     anywhere             anywhere
root@scyther:~#
From the laptop on the private network, I can ping both WAN interfaces, but can only ping out through one of them (currently cc.dd). I can browse to the internet, but if I pull the cable on the interface, I don't seem to switch to the other. What should I be checking for to figure this out?
Thanks for any help. -- Bob Beers
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
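A strict-priority failover loop in the spirit of the ping daemon in the post, as an added example that is not part of the original message or of the nano.txt recipe: it probes each gateway out of its own interface and, instead of relying on the multipath table 222, rewrites the main table's default route (rule 50 here, ahead of 222) to the satellite gateway while that answers and to the cdma gateway otherwise. The interface names and gateway addresses are taken from the post; the function names and the DRY_RUN/RUN_DAEMON switches are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post: strict-priority failover
# between two WAN links, probing each gateway out of its own interface.
# Interface and gateway values are assumed from the post above:
# eth0/aa.bb.23.161 = satellite (preferred), eth1/cc.dd.69.94 = cdma.
SAT_IF=eth0;  SAT_GW=aa.bb.23.161
CDMA_IF=eth1; CDMA_GW=cc.dd.69.94
INTERVAL=${INTERVAL:-60}
DRY_RUN=${DRY_RUN:-1}      # 1: print the ip command instead of running it
LAST_CMD=

# link_up IF GW: exit 0 if GW answers one ping sent out of IF. Binding the
# probe to the interface keeps it independent of the current default route.
link_up() { ping -I "$1" -c 1 -W 2 "$2" >/dev/null 2>&1; }

# pick_gateway SAT_STATUS CDMA_STATUS (0 = reachable) -> "IF GW" or "none"
pick_gateway() {
    if   [ "$1" -eq 0 ]; then echo "$SAT_IF $SAT_GW"
    elif [ "$2" -eq 0 ]; then echo "$CDMA_IF $CDMA_GW"
    else echo none; fi
}

# route_cmd "IF GW"|none -> the ip(8) command that installs that choice in
# table main; with no usable link the default route is withdrawn entirely.
route_cmd() {
    if [ "$1" = none ]; then echo "ip route del default"
    else set -- $1; echo "ip route replace default via $2 dev $1"; fi
}

# One probe-and-switch round: prints the chosen command only when the
# decision changed, so the output doubles as a switch log.
failover_round() {
    sat=0;  link_up "$SAT_IF" "$SAT_GW"   || sat=1
    cdma=0; link_up "$CDMA_IF" "$CDMA_GW" || cdma=1
    cmd=$(route_cmd "$(pick_gateway "$sat" "$cdma")")
    if [ "$cmd" != "$LAST_CMD" ]; then
        echo "$cmd"
        if [ "$DRY_RUN" = 0 ]; then $cmd; fi
        LAST_CMD=$cmd
    fi
}

# Run as a daemon only when asked: RUN_DAEMON=1 DRY_RUN=0 ./failover.sh
if [ "${RUN_DAEMON:-0}" = 1 ]; then
    while :; do failover_round; sleep "$INTERVAL"; done
fi
```

The SNAT rules keyed on the output interface apply unchanged; connections already in the conntrack table keep their old mapping, so they will not survive a switch and must be re-established.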