RE: Question regarding Split Access description (Adam Neat)

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

IMHO, i believe that it would be more realistic to have one router providing
load balancing/dead gateway to one/several subnet(s).  otherwise, each
server/user would have to do their own load balancing for each subnet!
that,
or you would need 3 routers, one for each subnet and a linux router doing the
load balancing in the middle.

with 3 routers, the load balancing configurations shouldn't change,
just ip addresses

there is a discussion of how to use DNAT (port forwarding) at
http://www.ssi.bg/~ja/dgd-usage.txt
with dead gateway detection



               xx.xx.xx.x1/32--->SHDSL#1

                    (wan0)/     xx.xx.xx.x2/32
server(s)     ------>         Switch         ------->  (lan0)  Linux
Router --
ex. LAMP Server                                     ip 192.168.1.1/28  (wan1)\
ip 192.168.1.2/28
     yy.yy.yy.y1/32--->SHDSL#2
gw 192.168.1.1
                          yy.yy.yy.y2/32

ip rule add prio 10 table main
ip rule add prio 20 from xx.xx.xx.x1/32 table 20
ip route append default via xx.xx.xx.x2 dev wan0 src xx.xx.xx.x1 table 20
ip rule add prio 30 from yy.yy.yy.y1/32 table 30
ip route append default via yy.yy.yy.y2 dev wan1 src yy.yy.yy.y1 table 30

ip rule add prio 100 from 192.168.1.0/28 table 100
ip route add default table 100 \
	nexthop via xx.xx.xx.x1 dev wan0 \
	nexthop via yy.yy.yy.y1 dev wan1

the key is using 192.168.1.1 as the gateway
ipTables masq and dnat rules could take care of src and dest ip addressing
to xx.xx.xx.x1 and yy.yy.yy.y1.  i prefer keeping some routing in iptables as a
firewall advantage.

iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wan1 -j MASQUERADE

iptables -t nat -A PREROUTING -p tcp -d xx.xx.xx.x1 --dport 80 \
              -j DNAT --to-destination 192.168.1.2
iptables -t nat -A PREROUTING -p tcp -d yy.yy.yy.y1 --dport 80 \
              -j DNAT --to-destination 192.168.1.2

DNS Records, at godaddy.com for example, should specify both xx.xx.xx.x1
and yy.yy.yy.y1 for the LAMP.  then you would have a path to both
SHDSL connections from the internet for one domain.

this makes the most sense to me, but isn't the only solution, the only fault
i can see is that there is one major point of failure.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux