Hans Middelhoek.nl
2005-Jul-28 16:07 UTC
multiple uplinks works on linux router but not on clients
Hello,

I'm trying to achieve the following: 2 ISPs and 1 LAN with failover. So, when 1 internet connection fails, the other needs to take over. I'm aware of the restrictions: the current sessions are lost. I did this before, one and a half years ago or something, but at that router there wasn't failover. Now I've read the nano howto and followed it. I'm using Debian with kernel 2.6.12-3 patched with Julian Anastasov's routes patch. This integrated failover functionality.

I need to say, it works great on the machine itself. Every time I start a traceroute another link will be used. When I unplug an internet link, all of my traceroutes use the internet connections which are up. When I re-plug the internet link my traceroutes will use the one again. This is how it needs to be, also for the connected PCs. But that's not working. All traceroutes on client machines are going through the same router:

192.168.20.1->192.168.32.1->internet

I used the following firewall rules, but that shouldn't be the problem:

iptables -t filter -N keep_state
iptables -t filter -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A keep_state -j RETURN

iptables -t nat -N keep_state
iptables -t nat -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A keep_state -j RETURN

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.20.0/24 -j SNAT --to 192.168.1.240
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.20.0/24 -j SNAT --to 10.0.0.240
iptables -t nat -A POSTROUTING -o eth3 -s 192.168.20.0/24 -j SNAT --to 192.168.32.240

iptables -t nat -A PREROUTING -j keep_state
iptables -t nat -A POSTROUTING -j keep_state
iptables -t nat -A OUTPUT -j keep_state
iptables -t filter -A INPUT -j keep_state
iptables -t filter -A FORWARD -j keep_state
iptables -t filter -A OUTPUT -j keep_state

It looks like the problem comes from my multi route table 222.
When I change the order of the devices in the multiroute rule, all of my traceroutes on the clients are using the last nexthop via. I'm using three eths as external interfaces and always the last one in my multihop route will be used by my workstations.

Setup:

ip rule ls
0:      from all lookup local
50:     from all lookup main
201:    from 192.168.1.0/24 lookup 201
202:    from 10.0.0.0/24 lookup 202
203:    from 192.168.32.0/24 lookup 203
222:    from all lookup 222
32766:  from all lookup main
32767:  from all lookup default

ip ro s t 222
default proto static
        nexthop via 192.168.1.1 dev eth1 weight 1
        nexthop via 10.0.0.138 dev eth2 weight 1
        nexthop via 192.168.32.1 dev eth3 weight 1

ip ro s t 201
default via 192.168.1.1 dev eth1 proto static src 192.168.1.240
prohibit default proto static metric 1

ip ro s t 202
default via 10.0.0.138 dev eth2 proto static src 10.0.0.240
prohibit default proto static metric 1

ip ro s t 203
default via 192.168.32.1 dev eth3 proto static src 192.168.32.240
prohibit default proto static metric 1

Well, I think you have all the information. What I want to do is simply routing on multiple interfaces. No queue based routing or something. Linux may just choose which route is going to be used.

Thanks for your help in advance.

Kind regards,
Hans Middelhoek
Netherlands

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hans Middelhoek.nl
2005-Jul-28 18:22 UTC
multiple uplinks works on linux router but not on clients
Hi,

I've been testing the whole time and found some interesting information. Obviously I haven't compiled the kernel very well. I booted the machine in its old kernel, 2.6.8-2, and now the PCs in my network are using all internet interfaces. I see that with a traceroute.

What did I do wrong in compiling and patching the kernel? Probably I missed an important setting in the kernel configuration, but which? It's the first time for me that I compiled a kernel and it was very tough to have it working. I got a lot of errors during the first tries. Later on, compiling succeeded without any errors, so I thought it was working fine. I can see that the patch applied, because failover works, but there is something else that doesn't work as it should.

Who understands this strange problem?

thnx.