[LARTC] Simple Mulitple Link Scenario

["Bryan Goodgion" <bgoodgion@cognitivesolutions.com>]

[-- Attachment #1: Type: text/plain, Size: 3393 bytes --]

 
I am trying to set up a network that can accept tcp connections over two
different isp connection.  The ultimate goal is to facilitate the
migration from one ISP to another ISP.  I decided to delve into the
world of Linux Advanced Routing, so I poured over all of the
documentation on the internet.  I have it set up in what I believe to be
the case where it should work, but I can't understand why it doesn't.
Here is the drawing:
 
------------------------                --------------------------
| WAN Router 1 |               |   WAN Router 2 |
------------------------                --------------------------
                    \                  /
                      \              /
                        \          /
                   ---------------------
                  | WAN Switch |
                  ----------------------
                     /               \
                    /                  \
-----------------------              ------------------------
|  Firewall 1      |             |   Firewall 2       |
-----------------------              ------------------------
               \                        /
                 \                     /
                   \                  /
                  -----------------------
                  |  DMZ Switch  |
                  -----------------------
                            |
                            |
                  *---*---*---*---*---*---*
                  |    Linux Router   |
                  *---*---*---*---*---*---*
                            |
                            |
                  ------------------------
                  | Linux Server    |
                  ------------------------
 
 
Here is what I have going.  The router has a single interface that I
have given an IP address on the network space assigned by each ISP.  It
is performing NAT using two DNAT iptables rules for the Linux Server
that is sitting behind it.  The linux router takes $WAN1_IP ->
10.0.2.205 and takes $WAN2_IP -> 10.0.2.206.  I then set up a second
routing table so that I can have two default gateways depending on which
IP I want to take out.  Here are the exact commands I have issued:
 
iptables -t nat -A PREROUTING -j DNAT -dst $WAN1_IP to 10.0.2.205
iptables -t nat -A PREROUTING -j DNAT -dst $WAN2_IP to 10.0.2.205
ip route show table main | grep -Ev ^default \
>     | while read ROUTE ; do
>       ip route add table 4 $ROUTE
> done
ip route add default via $FIREWALL2_IP
ip route add default via $FIREWALL1_IP table 4
ip rule add from $WAN1_SUBNET table 4
 
After completing this setup,  I am able to traceroute -s $WAN1_IP and
see it go out the WAN1 side and traceroute -s $WAN2_IP and see it go out
WAN2.  I am also able to use the ip route get command and everything
works as I expect it to work.  My first failure occurred when I tried to
create a tcp connection from the internet.  It works coming in on
$WAN2_IP and fails using $WAN1_IP.  The problem is that when I watch a
dump of the outgoing packets while trying to bring up a tcp connection
to $WAN1_IP, I see the packets coming in and then I see the reply going
out to the MAC address of $FIREWALL2 instead of the MAC address of
$FIREWALL1 as it should and thus the connection fails.  Any ideas?
Thanks in advance.
 
Bryan 
 
 
 
 
 
Bryan Goodgion
Cognitive Solutions, Inc.
813.286.4000 ext 103
 

[-- Attachment #2: Type: text/html, Size: 23165 bytes --]