Gentlefolk,

        First, many thanks to EVERYONE that tries so hard to make this advanced 
routing stuff useful to the "...rest of us"! You all rock!
        I have been prowling the archives of this list for an answer to my 
problem, and have seen some close situations, but no joy. Yet.
        I've got a relatively simple setup I'm trying to get working: we've got 
a public-access network with 90 or so clients and I'd like to route all their 
traffic over a 3 Mbps DSL line - except when that goes down, then I'd like to 
fall over to our T1.
        So I'm working on a Debian box in hopes that it will act as a router 
for this public subnet like so:

ppp0    DSL IP          (via PPPoE)
eth1    192.168.1.0     (Public subnet)
eth2    XX.XX.XX.XX     (Our DMZ)

        I've downloaded the 2.4.31 kernel source, patched it with the 
Julian patches and read nano.txt about 8 times.
        I am SNATing the outgoing traffic to the appropriate address with 
iptables depending on the interface like so,

iptables -t nat -A POSTROUTING -s $NATNET -o ppp0 -j SNAT --to $DSL
iptables -t nat -A POSTROUTING -s $NATNET -o eth2 -j SNAT --to $WRL

        I made sure to include the stateful iptables statements as they appear 
in nano.txt.
        I worked extensively with mpath2.sh and have since cobbled together a 
script a la nano.txt, with the associated ping script to test routes by pinging 
each of the two gateways every 60 seconds.
        When initially running the script it sets up the tables just the way 
one would expect and everything works great. Clients are happy and can access 
the web at blazing speed. When the DSL line goes down, however, 
the routing table doesn't change to reflect the T1 gateway and the clients are 
dead in the water - no pinging of hosts not directly connected to the router 
box and no web traffic even though domain names are resolving. 
        When the DSL line comes back up that route is used instantly and the
clients are all happy again.
        So I'm clearly missing something.
        I include some info below, and I'm happy to get more specific upon 
request, I just don't want to flood the list. 
        Can anyone suggest other things I can check?
        I'm grateful for any help anyone can take the time to offer!


[EMAIL PROTECTED]:~# ip rule
0:      from all lookup local 
50:     from all lookup main 
201:    from (Correct DSL IP address) lookup 201 
202:    from (Correct DMZ network) lookup 202 
222:    from all lookup 222 
32766:  from all lookup main 
32767:  from all lookup default 


(When DSL is UP)
[EMAIL PROTECTED]:~# ip route get 204.152.189.113
204.152.189.113 via (DSL gateway) dev ppp0  src (DSL IP address)
    cache  mtu 1492 advmss 1452


(When DSL is DOWN)
[EMAIL PROTECTED]:~# ip route get 204.152.189.113
RTNETLINK answers: Network is unreachable
-- 
********************************************************************
Brett Charbeneau
Network Administrator         
Williamsburg Regional Library                   
7770 Croaker Road                               
Williamsburg, VA 23188-7064                     
(757)259-4044          www.wrl.org
(757)259-4079 (fax)    brett at wrl.org
********************************************************************



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
