From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Cristiano Soares"
Date: Wed, 07 Apr 2004 17:36:45 +0000
Subject: [LARTC] setup fail-over with redhat9...
Message-Id: <003501c41cc6$e604c0b0$6400a8c0@stillnicks>
To: lartc@vger.kernel.org

Hi. I'm now describing my problem very clearly to see if anyone could help me.

I have 3 (three) NICs in my system.
    1 is for my internet network - (eth1)
    2 are for my 2 ADSL lines that I use to connect to the internet (eth2 is my "master" ADSL line) and (eth0 is my "slave" ADSL line).

I know that to make redundancy work I'll have to set up the ip route and ip rule in my system. To do that, I found a bash script called "NETSANE - http://muse.linuxmafia.org/netsane/". I have to change some things like the interface of the first and second lines in netsane.conf. So, I did all the changes needed. Looking good so far, I can ping outside sites through both eth2 and eth0 doing "ping -I eth# www.kernel.org", I don't have a "default route", etc.

OK, now comes the worst part. I can't MASQUERADE the connection to my internal network, and even if I could, will redundancy work if the first interface fails? I don't think so. Because I tried a normal ping (ping www.kernel.org) and it always goes through eth2, even though I unplug the ADSL line from the router/modem to simulate a down link.

I believe there should be an IPTABLES configuration to make NAT work with redundancy, not the usual one below:

    #!/bin/sh

    IPTABLES=/sbin/iptables

    # All the lines below are NAT routing

    # flush any old rules
    $IPTABLES -F -t nat

    # turn on NAT (IP masquerading for outgoing packets)
    $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

    # enable IP forwarding (of incoming packets)
    echo 1 > /proc/sys/net/ipv4/ip_forward

I'm using the rc.firewall-2.4 right now, and it clearly doesn't work with redundancy.

Here is my network.

              (eth2) - 192.168.1.200          (eth0) - 192.168.0.200
              (GTW-192.168.1.1)               (GTW-192.168.0.254)
( Router1 )-----------------------+ Linux box +-----------------------( Router 2 )
                                       |
                              (eth1) - 192.168.2.1
                                       |
                              --------------------
                              |       LAN        |
                              | Ex:192.168.2.20  |
                              |   192.168.2.21...|
                              --------------------

Sites I tried:
http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://www.ssi.bg/~ja/nano.txt

THANKS A LOT
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
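
An added example, not part of the original message and not code from NETSANE or rc.firewall: a sketch of active fail-over for the setup described above, with MASQUERADE on both uplinks and the default route chosen by probing through each interface (unplugging the ADSL line behind the modem leaves the Ethernet link up, so only a probe detects it). Interface names and addresses are taken from the message; PROBE_IP is a placeholder, the function names are made up here, and it assumes the per-interface policy routing that makes "ping -I eth#" work is already in place.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# Run as root with RUN= (empty) to apply them.
RUN=${RUN-echo}
PRIMARY_IF=eth2; PRIMARY_GW=192.168.1.1      # "master" ADSL line (from the message)
BACKUP_IF=eth0;  BACKUP_GW=192.168.0.254     # "slave" ADSL line (from the message)
LAN_NET=192.168.2.0/24                       # network behind eth1
PROBE_IP=${PROBE_IP-192.0.2.1}               # placeholder: set to a host you expect to answer

# NAT on BOTH uplinks, limited to the LAN source range, so forwarded traffic
# is translated whichever interface the default route currently points at.
setup_nat() {
    $RUN iptables -t nat -F POSTROUTING
    for ifc in "$PRIMARY_IF" "$BACKUP_IF"; do
        $RUN iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$ifc" -j MASQUERADE
    done
    $RUN sysctl -w net.ipv4.ip_forward=1
}

# True if a remote host answers through the given interface ($1).
link_alive() {
    ping -c 3 -W 2 -I "$1" "$PROBE_IP" >/dev/null 2>&1
}

# Print "<interface> <gateway>" for the first uplink that passes the probe.
pick_uplink() {
    if link_alive "$PRIMARY_IF"; then echo "$PRIMARY_IF $PRIMARY_GW"
    elif link_alive "$BACKUP_IF"; then echo "$BACKUP_IF $BACKUP_GW"
    else return 1
    fi
}

# Point the main table's default route at the uplink that is alive.
apply_default_route() {
    choice=$(pick_uplink) || { echo "no uplink reachable" >&2; return 1; }
    set -- $choice
    $RUN ip route replace default via "$2" dev "$1"
}

# "sh failover.sh apply": set up NAT once, then re-check the route every 30 s.
if [ "${1:-}" = "apply" ]; then
    setup_nat
    while :; do apply_default_route; sleep 30; done
fi
```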