* [LARTC] setup fail-over with redhat9...
@ 2004-04-07 17:36 Cristiano Soares
2004-04-08 6:58 ` Damion de Soto
0 siblings, 1 reply; 2+ messages in thread
From: Cristiano Soares @ 2004-04-07 17:36 UTC (permalink / raw)
To: lartc
[-- Attachment #1: Type: text/plain, Size: 3777 bytes --]
Hi. Im now decribeing my problem very clearly to see if anyone could help me.
I have 3 (three) nics in my system.
1 is for my internet network - (eth1)
2 are for my 2 adsl lines that i use to connect to the internet (eth2 is my "master" adsl line) and (eth0 is my "slave" adsl line).
I know that to make redundance work ill have to setup the ip route and ip rule in my system. To do that, i found a bash script called "NETSANE - http://muse.linuxmafia.org/netsane/". I have to change somethings like interface of the first and second lines in netsane.conf. So, i did all the changes needed. Looking good so far, i can ping outside sites the both eth2 and eth0 doing "ping -I eth# www.kernel.org", i dont have a "default route" and etc.
Ok, now goes the worse part. I cant MASQUERADE the connection to my internal network, and even if i could, will redundance work if the first interface fails? I dont think so. Because i tried a normal ping (ping www.kernel.org) and it always goes through eth2, even the i unplug the adsl line from the router/modem to simulate a down link.
I believe that should be an IPTABLES configuration to make NAT work with redundance, not the usual below:
#!/bin/sh
IPTABLES=/sbin/iptables
#All The lines below are NAT routing
# flush any old rules
$IPTABLES -F -t nat
# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward
Im using the rc.firewall-2.4 right now, and it clearly doesnt work with redundance.
Here is my network.
LAN
_/\__/\_ +---+----+ _/\___/\_
/ \ (eth2) - 192.168.1.200 (GTW-192.168.1.1) | | (eth0) - 192.168.0.200 (GTW-192.168.0.254) / \
( Router1 )------------------------------------------------+ Linux box + ----------------------------------------------------------( Router 2 )
\_ __ _ / | | \ _ __ _ /
\/ \/ +----+---+ \/ \/
| |
(eth1) - 192.168.2.1
--------------------
| |
| LAN |
|Ex:192.168.2.20 |
| 192.168.2.21... |
-----------------------------
Sites I tried: http://lartc.org/howto/lartc.rpdb.multiple-links.html
http://www.ssi.bg/~ja/nano.txt
THANKS A LOT
[-- Attachment #2: Type: text/html, Size: 13180 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [LARTC] setup fail-over with redhat9...
2004-04-07 17:36 [LARTC] setup fail-over with redhat9 Cristiano Soares
@ 2004-04-08 6:58 ` Damion de Soto
0 siblings, 0 replies; 2+ messages in thread
From: Damion de Soto @ 2004-04-08 6:58 UTC (permalink / raw)
To: lartc
Hi Cristiano,
> I know that to make redundance work ill have to setup the ip route and
> ip rule in my system. To do that, i found a bash script called "NETSANE
> - http://muse.linuxmafia.org/netsane/". I have to change somethings like
> interface of the first and second lines in netsane.conf. So, i did all
> the changes needed. Looking good so far, i can ping outside sites the
> both eth2 and eth0 doing "ping -I eth# www.kernel.org", i dont have a
> "default route" and etc.
ok, that's good.
> Ok, now goes the worse part. I cant MASQUERADE the connection to my
> internal network, and even if i could, will redundance work if the first
> interface fails? I dont think so.
No, as the netsane webpage says, it does not provide redundancy.
> Because i tried a normal ping (ping
> www.kernel.org <http://www.kernel.org>) and it always goes through eth2,
> even the i unplug the adsl line from the router/modem to simulate a down
> link.
Yes, your packet routes get cached by the kernel. Eventually, it will realise that
route is dead, and has a 50% chance of getting out the other active interface.
> I believe that should be an IPTABLES configuration to make NAT work with
> redundance, not the usual below:
> # turn on NAT (IP masquerading for outgoing packets)
> $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
#you will want to masquerade out eth2 as well.
$IPTABLES -A POSTROUTING -t nat -o eth2 -j MASQUERADE
> Im using the rc.firewall-2.4 right now, and it clearly doesnt work with
> redundance.
As far as I know, the only way you can get fail-over/redundancy, is to have a program
continually monitor both links, and bring up/down the interfaces and change the
routes as required.
You should be able to write a shell script that pings out eth2, and if it doesn't get
a reply, brings down that interface and fixes the routes.
Then, wait, try again later and see if eth2 is working again.
Regards,
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer email: damion@snapgear.com
SnapGear - A CyberGuard Company --- ph: +61 7 3435 2809
| Custom Embedded Solutions fax: +61 7 3891 3630
| and Security Appliances web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- Free Embedded Linux Distro at http://www.snapgear.org ---
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2004-04-08 6:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-04-07 17:36 [LARTC] setup fail-over with redhat9 Cristiano Soares
2004-04-08 6:58 ` Damion de Soto
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox