There is always a right tool for the job :)

http://www.linux.org/docs/ldp/howto/Adv-Routing-HOWTO/lartc.rpdb.multiple-links.html

Although you will need iproute2 installed for this to work.

Hope this helps

On Wednesday 05 February 2003 11:29, Khanh Tran wrote:
> I suppose that would work! I was just wondering if there was something
> better already written into netfilter...
>
> Khanh Tran
> Network Operations
> Sarah Lawrence College
>
> -----Original Message-----
> From: per j [mailto:perj8@hotmail.com]
> Sent: Wednesday, February 05, 2003 12:26 PM
> To: netfilter@lists.netfilter.org
> Subject: Re: dual gateways
>
> How about this? Use at to ping something on the Internet periodically or
> ping the T3 router. Modify the defaultroute by using route whenever ping
> returns false. Use MASQUERADE instead of SNAT in Netfilter.
>
> >I'm sure this is possible, but I just haven't gotten it to work right by
> >playing around with the settings.
> >
> >I've got three NICs in the firewall box. I've also got two routers that
> >go to the Internet via two separate lines (a T1 and a partial T3). I've
> >got my default gateway set on the linux box to go out via the T3 and NAT
> >setup for my clients to route out via that interface. I'd like to know
> >if it's possible to setup a failover route to redirect clients out the
> >T1 should the T3 not be available, even if the router is. Here's the
> >basic diagram:
> >
> >                                        (default route)
> >                              eth2 <---> |T3 Router| <---> Internet
> >LAN <---> eth1 |firewallBox|
> >                              eth1 <---> |T1 Router| <---> Internet
> >
> >Khanh Tran
> >Network Operations
> >Sarah Lawrence College

--
Daniel Fairchild - Chief Security Engineer | danielf@supportteam.net
The distance between nothing and infinity is always the same no matter how
close you get to nothing.
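
The ping-and-switch failover suggested in the quoted reply, as an added example that is not part of the original thread: it probes a host beyond the T3 router (pinned to the T3 by a host route, so a dead line behind a live router is detected) and needs several consecutive failures before moving the default route to the T1. It uses iproute2's `ip route replace` and a sleep loop rather than `route` and `at`; the addresses (documentation ranges), the threshold and all variable and function names are assumptions.

```shell
#!/bin/sh
# Added example: default-route failover between two uplinks.
# Addresses are documentation-range placeholders; all names are assumptions.
T3_GW=192.0.2.1       # T3 router, preferred default gateway
T1_GW=198.51.100.1    # T1 router, backup gateway
PROBE=203.0.113.10    # Internet host that is only ever reached via the T3
FAIL_LIMIT=3          # consecutive failed probes before failing over
IP=${IP:-ip}          # overridable so the logic can be dry-run
PING=${PING:-ping}
fails=0
current=$T3_GW

# Host route: the probe always leaves via the T3, even while the default
# route points at the T1, so recovery of the T3 can be detected.
pin_probe() { $IP route replace "$PROBE/32" via "$T3_GW"; }

# Probing a host beyond the router catches a dead line behind a live router.
t3_up() { $PING -c 1 -W 2 "$PROBE" >/dev/null 2>&1; }

# One check cycle: update the failure counter, switch the default route
# only when the wanted gateway differs from the current one.
check_once() {
    if t3_up; then
        fails=0
        want=$T3_GW
    else
        fails=$((fails + 1))
        if [ "$fails" -ge "$FAIL_LIMIT" ]; then want=$T1_GW; else want=$current; fi
    fi
    if [ "$want" != "$current" ]; then
        $IP route replace default via "$want" && current=$want
    fi
}

# NAT side: MASQUERADE on each uplink interface (as suggested in the thread)
# lets the source address follow whichever link the default route uses.
if [ "${1:-}" = run ]; then
    pin_probe
    while :; do
        check_once
        sleep 10
    done
fi
```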