Hello,
I'm trying to achieve the following.
2 ISPs and 1 LAN with failover. So, when 1
internet connection fails the other needs to take over. I'm aware of the
restrictions. The current sessions are lost.
I did this before, one and a half years ago or
something. But on that router there wasn't failover. Now I've read the nano howto and
followed it.
I'm using Debian with kernel 2.6.12-3 patched with
Julian Anastasov's routes patch. This integrates failover functionality. I need
to say, it works great on the machine itself. Every time I start a traceroute
another link will be used. When I unplug an internet link, all of my traceroutes
use the internet connections which are up. When I re-plug the internet link my
traceroutes will use that one again.
This is how it needs to be, also for the connected
PCs. But that's not working. All traceroutes on the client machines are going
through the same router: 192.168.20.1->192.168.32.1->internet

I used the following firewall rules, but
that shouldn't be the problem:

iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN
iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.20.0/24 -j SNAT --to 192.168.1.240
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.20.0/24 -j SNAT --to 10.0.0.240
iptables -t nat -A POSTROUTING -o eth3 -s 192.168.20.0/24 -j SNAT --to 192.168.32.240
iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state

It looks like the problem comes from my multi route
table 222. When I change the order of the devices in the multiroute rule all of
my traceroutes on the clients are using the last nexthop via. I'm using three
eth's as external interfaces and always the last one in my multihop route will
be used by my workstations.

Setup:

ip rule ls
0: from all lookup local
50: from all lookup main
201: from 192.168.1.0/24 lookup 201
202: from 10.0.0.0/24 lookup 202
203: from 192.168.32.0/24 lookup 203
222: from all lookup 222
32766: from all lookup main
32767: from all lookup default

ip ro s t 222
default proto static
    nexthop via 192.168.1.1 dev eth1 weight 1
    nexthop via 10.0.0.138 dev eth2 weight 1
    nexthop via 192.168.32.1 dev eth3 weight 1

ip ro s t 201
default via 192.168.1.1 dev eth1 proto static src 192.168.1.240
prohibit default proto static metric 1

ip ro s t 202
default via 10.0.0.138 dev eth2 proto static src 10.0.0.240
prohibit default proto static metric 1

ip ro s t 203
default via 192.168.32.1 dev eth3 proto static src 192.168.32.240
prohibit default proto static metric 1

Well, I think you have all the information. What I
want to do is simply routing on multiple interfaces. No queue based routing or
something. Linux may just choose which route is going to be used.
Thanks for your help in advance.
Kind regards,
Hans Middelhoek
Netherlands
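
Added example, not part of the original post: a small simulation of the policy-rule walk over the tables listed above, showing that a forwarded client packet (source still 192.168.20.x at routing time, because SNAT happens in POSTROUTING) is resolved by multipath table 222, while traffic sourced from an ISP-side address stays in its own table. The contents of the main table, the LAN interface name eth0 and the destination address are assumptions; the names lookup and link_down are hypothetical.

```python
import ipaddress

ANY = "0.0.0.0/0"
# Policy rules from the post's `ip rule ls`: (priority, source selector, table).
# The local (0) and default (32767) tables are left out of this model.
RULES = [(50, ANY, "main"), (201, "192.168.1.0/24", "201"),
         (202, "10.0.0.0/24", "202"), (203, "192.168.32.0/24", "203"),
         (222, ANY, "222"), (32766, ANY, "main")]
# Routes per table: (prefix, metric, result). Tables 201-203 and 222 are from
# the post; "main" is ASSUMED to hold only connected routes (eth0 = LAN is assumed).
TABLES = {
    "main": [("192.168.20.0/24", 0, "dev eth0"), ("192.168.1.0/24", 0, "dev eth1"),
             ("10.0.0.0/24", 0, "dev eth2"), ("192.168.32.0/24", 0, "dev eth3")],
    "201": [(ANY, 0, "via 192.168.1.1 dev eth1"), (ANY, 1, "prohibit")],
    "202": [(ANY, 0, "via 10.0.0.138 dev eth2"), (ANY, 1, "prohibit")],
    "203": [(ANY, 0, "via 192.168.32.1 dev eth3"), (ANY, 1, "prohibit")],
    "222": [(ANY, 0, "multipath eth1/eth2/eth3")],
}

def lookup(src, dst, tables=TABLES):
    """Return (table, result) for the first rule whose table has a matching route."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(RULES):
        if s not in ipaddress.ip_network(selector):
            continue
        hits = [(ipaddress.ip_network(p), m, r) for p, m, r in tables[table]
                if d in ipaddress.ip_network(p)]
        if hits:  # longest prefix first, then lowest metric
            _net, _metric, result = min(hits, key=lambda h: (-h[0].prefixlen, h[1]))
            return table, result
    return None, "unreachable"

def link_down(table):
    """Copy of TABLES with the metric-0 default removed from one per-ISP table."""
    t = dict(TABLES)
    t[table] = [r for r in TABLES[table] if r[1] != 0]
    return t

if __name__ == "__main__":
    dst = "198.51.100.7"  # constructed destination (documentation range)
    for src in ("192.168.20.5", "192.168.1.240", "10.0.0.240"):
        print(src, "->", lookup(src, dst))
    print("eth1 default removed:", lookup("192.168.1.240", dst, link_down("201")))
```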