Linux Advanced Routing and Traffic Control list
From: Bob Beers <bbeers@edgeaccess.net>
To: lartc@vger.kernel.org
Subject: [LARTC] two WANs one LAN
Date: Mon, 19 Apr 2004 17:47:24 +0000
Message-ID: <408410AC.1070304@edgeaccess.net>

Hello list,

I want a set-up with a satellite link (eth0) and a cellular cdma
  link (ppp0) coming into a linux box with a LAN (eth1 or wlan0)
  to be able to route first through the satellite when it's on, or
  else the cdma when it's in range.  Load sharing is not critical,
  but it would be nice.  The satellite has a static IP, the cdma
  is dynamic.  Both WANs are NAT'd public IPs.  The private LAN
  will be SNAT'd or MASQ'd for access to the internet.

To simplify the situation, I'm simulating the real situation with
  three ethX's.  I have two independent ISPs (static public IPs) and
  a linux laptop connected via cross-over to the LAN interface.

This is not a new question, but I have done this:
  I checked the mailing list archives, applied the patches
[http://www.ssi.bg/~ja/#routes-2.4]
  to a 2.4.26 kernel, and read (and applied) the commands from
[http://www.ssi.bg/~ja/nano.txt],
  and set up a bash script to ping via my two WAN interfaces once
per minute.

But I've done something wrong, obviously(?).

I suspect a typo or other oversight, but haven't found it yet.

Here are my settings:

root@scyther:~# uname -a
Linux scyther 2.4.26 #2 Fri Apr 16 18:17:31 EDT 2004 i586 unknown unknown GNU/Linux
root@scyther:~# lsmod
Module                  Size  Used by    Not tainted
ipt_state                472   2  (autoclean)
iptable_nat            16280   1  (autoclean)
ip_conntrack           19944   0  (autoclean) [ipt_state iptable_nat]
iptable_filter          1612   1  (autoclean)
8139too                13576   1
mii                     2304   0  [8139too]
tulip                  40832   2
root@scyther:~# ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
     link/ether 00:80:c8:f8:24:1d brd ff:ff:ff:ff:ff:ff
     inet aa.bb.23.183/27 brd aa.bb.23.195 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
     link/ether 00:80:c8:f8:24:1e brd ff:ff:ff:ff:ff:ff
     inet cc.dd.69.83/27 brd cc.dd.69.95 scope global eth1
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
     link/ether 00:80:c8:f8:24:1f brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
     link/ether 00:80:c8:f8:24:20 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
     link/ether 00:e0:f4:11:52:43 brd ff:ff:ff:ff:ff:ff
     inet 192.168.10.1/24 brd 192.168.10.255 scope global eth4
root@scyther:~# ip rule
0:      from all lookup local
50:     from all lookup main
201:    from aa.bb.23.160/27 lookup 201
202:    from cc.dd.69.83/27 lookup 202
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default
root@scyther:~# ip route
aa.bb.23.160/27 dev eth0  proto kernel  scope link  src aa.bb.23.183
cc.dd.69.64/27 dev eth1  proto kernel  scope link  src cc.dd.69.83
192.168.10.0/24 dev eth4  proto kernel  scope link  src 192.168.10.1
root@scyther:~# ip route show table 201
default via aa.bb.23.161 dev eth0  proto static  src aa.bb.23.183
prohibit default  proto static  metric 1
root@scyther:~# ip route show table 202
default via cc.dd.69.94 dev eth1  proto static  src cc.dd.69.83
prohibit default  proto static  metric 1
root@scyther:~# ip route show table 222
default  proto static
         nexthop via aa.bb.23.161  dev eth0 weight 1
         nexthop via cc.dd.69.94  dev eth1 weight 1
root@scyther:~# cat ping-daemon.sh
#!/bin/sh
#
# ping on interfaces to keep kernel happy
#

while : ; do
         ping -c 1 aa.bb.23.161 > /dev/null 2>&1
         ping -c 1 cc.dd.69.94 > /dev/null 2>&1
         sleep 60
done
root@scyther:~#
root@scyther:~# iptables -v -L
Chain INPUT (policy ACCEPT 1251 packets, 83120 bytes)
  pkts bytes target     prot opt in     out     source               destination
10141 1037K keep_state  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy ACCEPT 824 packets, 68747 bytes)
  pkts bytes target     prot opt in     out     source               destination
  1416  142K keep_state  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 7859 packets, 653K bytes)
  pkts bytes target     prot opt in     out     source               destination
16864 1625K keep_state  all  --  any    any     anywhere             anywhere

Chain keep_state (3 references)
  pkts bytes target     prot opt in     out     source               destination
18487 2000K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  9934  804K RETURN     all  --  any    any     anywhere             anywhere
root@scyther:~# iptables -v -L -t nat
Chain PREROUTING (policy ACCEPT 1391 packets, 78477 bytes)
  pkts bytes target     prot opt in     out     source               destination
  1391 78477 keep_state  all  --  any    any     anywhere             anywhere

Chain POSTROUTING (policy ACCEPT 7246 packets, 608K bytes)
  pkts bytes target     prot opt in     out     source               destination
     3   227 SNAT       all  --  any    eth0    invalid.168.192.in-addr.arpa/24  anywhere           to:aa.bb.23.183
   209 17307 SNAT       all  --  any    eth1    invalid.168.192.in-addr.arpa/24  anywhere           to:cc.dd.69.83
  7246  608K keep_state  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
     0     0 keep_state  all  --  any    any     anywhere             anywhere

Chain keep_state (3 references)
  pkts bytes target     prot opt in     out     source               destination
     0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
  8637  687K RETURN     all  --  any    any     anywhere             anywhere
root@scyther:~#

From the laptop on the private network, I can ping both WAN interfaces,
  but can only ping out through one of them (currently cc.dd).  I can browse to
  the internet, but if I pull the cable on the interface, I don't seem to
  switch to the other.  What should I be checking for to figure this out?

Thanks for any help.
-- 
Bob Beers
