Hi,

I do what you are trying to do at a couple of networks. I have one IP address outside my networks that I use to ping to check if a link is good. I do some counting of packet loss before switching routes. The IP address I use to check routes is always routed out of the preferred route and not the default route. I switch route based on packet loss.

The script I use is meant to choose between two bad links where I prefer one of them; you should change and tune it to fit your needs. This is not a script to check if an interface is down. The script never stops, you have to use <ctrl-c>. It could probably be done more elegantly, but it fits my needs.

#!/bin/sh

# An IP address outside our net, used to check the link.
target=xxx.xxx.xxx.xxx
# Preferred route
route1=xxx.xxx.xxx.xxx
# Backup route
route2=xxx.xxx.xxx.xxx

# Seconds to sleep between checks
interval=1
# Number of pings sent per check
pingfail=5
# Consecutive successful checks needed before switching back
switchback=100

# Internal variables
switch=0
successcounter=0

# Delete any existing route to $target and add one through $route1
if ( ip route | grep "$target" ) ; then
    ip route del $target
fi
ip route add $target via $route1

if ( ip route | grep "default via $route1" > /dev/null 2>&1 ) ; then
    echo $(date) - Starting on $route1
else
    echo $(date) - Starting on $route2
fi

while true ; do
    if ( ! ping -c $pingfail $target > /dev/null 2>&1 ) ; then
        if ( ip route | grep "default via $route1" > /dev/null 2>&1 ) ; then
            # We are using the preferred route, switch to route2
            switch=1
        fi
        successcounter=0
    else
        successcounter=$((successcounter + 1))
        if ( ip route | grep "default via $route2" > /dev/null 2>&1 ) ; then
            # We are not using the preferred route
            if [ "$switchback" -eq "$successcounter" ] ; then
                # We have enough success pings to switch back
                switch=1
            fi
        fi
    fi

    if [ "$switch" -eq 1 ] ; then
        # Switch route
        if ( ip route | grep "default via $route2" > /dev/null 2>&1 ) ; then
            echo $(date) - Switching to $route1
            ip route del default via $route2
            ip route add default via $route1
        else
            echo $(date) - Switching to $route2
            ip route del default via $route1
            ip route add default via $route2
        fi
        # Flush routing cache
        ip route flush cache
        # HUP openvpn to reset connection
        ps ax | grep '[o]penvpn' | awk '{ print $1 }' | xargs kill -HUP > /dev/null 2>&1
        switch=0
    fi

    # Sleep for $interval seconds
    sleep $interval
done

exit 0

Tormod Nygård

On Wed, 2009-09-02 at 10:23 +0100, John Lister wrote:
> Hi, I have a multihomed machine to which I'd like to check the status of
> each line periodically. I want to do this so that I can modify the iptables
> rules and send new connections out over the active lines and restore service
> when the line comes back up.
>
> I thought I could use ping with the -I option, but that doesn't seem to
> work, it always uses the default route. However if I get rid of the default
> route and modify the rules to match the packets I get a "network
> unreachable" message without it ever hitting iptables. For example adding
> something like this never gets matched for the ping.
>
> iptables -t mangle -I OUTPUT -j LOG --log-prefix "output: "
>
> Normally ping results in ICMP messages being traversed, but not this time.
>
> Could someone explain what is going on and I'd be grateful if there were any
> suggestions on other ways to detect if a line is down - simply looking in
> /proc/net/dev or similar wouldn't help as the local connection is likely to
> be up, but the physical line to the ISP may be down.
>
>
> Thanks
>
> John
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
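
The switching decision from the script in this message, written as an added example that is not part of the original e-mail: the failover logic is separated from the `ip route` commands and driven by a loss percentage parsed from ping's summary line, so it can be exercised without root. The `max_loss` threshold, the function names and the sample ping output are assumptions; `switchback` is taken from the script.

```shell
#!/bin/sh
# Added example: failover decision with hysteresis, kept apart from the
# "ip route" calls so it can be run without touching the routing table.

max_loss=40      # assumed threshold: percent loss at which a probe counts as bad
switchback=100   # consecutive good probes needed before returning to route1

# Print the integer loss percentage from ping's summary output (iputils format).
# Prints 100 when there is no summary line (e.g. "Network is unreachable").
loss_pct() {
    pct=$(printf '%s\n' "$1" |
        sed -n 's/.* \([0-9][0-9]*\)\(\.[0-9]*\)\{0,1\}% packet loss.*/\1/p')
    echo "${pct:-100}"
}

# next_state CURRENT_ROUTE SUCCESSCOUNTER LOSS  ->  prints "ROUTE COUNTER"
# CURRENT_ROUTE is "route1" (preferred) or "route2" (backup).
next_state() {
    route=$1 count=$2 loss=$3
    if [ "$loss" -ge "$max_loss" ]; then
        # Bad probe: leave (or stay off) the preferred route, reset the counter.
        echo "route2 0"
        return
    fi
    count=$((count + 1))
    # Only a full run of good probes moves traffic back to the preferred route.
    if [ "$route" = route2 ] && [ "$count" -ge "$switchback" ]; then
        route=route1
    fi
    echo "$route $count"
}

# Constructed sample (not captured from a real host): 2 of 5 probes lost.
sample='--- 192.0.2.1 ping statistics ---
5 packets transmitted, 3 received, 40% packet loss, time 4005ms'
next_state route1 17 "$(loss_pct "$sample")"
```

The caller would run `ip route del default` / `ip route add default` only when the route printed by `next_state` differs from the current one.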