Re: two router one host
On Thursday 15 January 2004 12:40, Leonardo Boselli wrote:
> I have got a second connection.
> My server is in one class C subnet, say a.b.c.d with a default gateway
> I have added a second connection eth1 g.f.e.246/30 (whose router, you
> can guess, is g.f.e.245).
> Of course with this setup I can only access the router via the second NIC.
> If I add a second default route it always ends up using the second NIC, it
> works for some addresses, but not for most: it looks like some hosts use the
> "other" route and the packets are not answered.
If a.b.c.1 is your default gateway and someone on the Internet connects to
g.f.e.246 then there is a problem. Your firewall will respond by sending the
reply packets to its default route, this will not work well (or at all
depending on your ISP).
You need to use the iproute utility to create multiple routing tables and a
few routing rules. There are probably many ways to arrange your rules but
here is the style that I stick to:
First create a routing table for each connection (5 and 10 are randomly chosen):
ip route add default via a.b.c.1 table 5
ip route add default via g.f.e.245 table 10
Next create some rules to ensure that local traffic stays local:
ip rule add to a.b.c.0/24 lookup main pri 100
ip rule add to g.f.e.246/30 lookup main pri 100
Now create some rules based on source address so that your outgoing packets
get sent to the correct router:
ip rule add from a.b.c.0/24 lookup 5 pri 200
ip rule add from g.f.e.246/30 lookup 10 pri 200
Flush routing cache so that rules take immediate effect:
ip route flush cache
> I fear that it sends packets via eth1 with a.b.c.d address.
Yes it does. If you find out the MAC address of your routers you can use
tcpdump in conjunction with a filter (by MAC address) to confirm that.
> What is the setup I have to add to have it working correctly?
> Also is there a script to change default route from one NIC to the other if
> the connection is broken ?
Depends on what you're doing but you probably won't need a script once ip
routing is set up correctly. Documents are at http://www.lartc.org/ IIRC.
Fraser Campbell <email@example.com> http://www.wehave.net/
Georgetown, Ontario, Canada Debian GNU/Linux
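
A small model of the rule lookup described in the reply above, added here as an illustration and not part of the original message: it walks the rules in priority order and shows which gateway a packet with a given source address is handed to, before and after the ip rule lines are added. The addresses 192.0.2.0/24, 198.51.100.244/30 and 203.0.113.9 are constructed stand-ins for a.b.c.0/24, the g.f.e /30 link and an Internet client; the kernel's built-in local and default rules are left out.

```python
import ipaddress as ip

# Constructed stand-ins (documentation ranges) for the thread's placeholders:
#   a.b.c.0/24 -> 192.0.2.0/24, gateway a.b.c.1 -> 192.0.2.1
#   the g.f.e /30 holding .245 (router) and .246 (eth1) -> 198.51.100.244/30
ANY = ip.ip_network("0.0.0.0/0")
NET1, GW1 = ip.ip_network("192.0.2.0/24"), "192.0.2.1"
NET2, GW2 = ip.ip_network("198.51.100.244/30"), "198.51.100.245"

# Routing tables: (destination prefix, next hop); "link" means directly connected.
TABLES = {
    "main": [(NET1, "link"), (NET2, "link"), (ANY, GW1)],
    "5": [(ANY, GW1)],
    "10": [(ANY, GW2)],
}

# Rules as (priority, from-selector, to-selector, table), mirroring the reply.
DEFAULT_RULES = [(32766, ANY, ANY, "main")]
POLICY_RULES = [
    (100, ANY, NET1, "main"),
    (100, ANY, NET2, "main"),
    (200, NET1, ANY, "5"),
    (200, NET2, ANY, "10"),
] + DEFAULT_RULES


def lookup(rules, src, dst):
    """Return (table, next_hop) chosen by walking the rules in priority order."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for _prio, frm, to, table in sorted(rules, key=lambda r: r[0]):
        if src not in frm or dst not in to:
            continue
        # Longest-prefix match inside the selected table.
        matches = [(net, hop) for net, hop in TABLES[table] if dst in net]
        if matches:
            return table, max(matches, key=lambda m: m[0].prefixlen)[1]
        # No route in this table: fall through to the next rule.
    return None, None


if __name__ == "__main__":
    remote = "203.0.113.9"  # constructed Internet client
    for label, rules in (("default", DEFAULT_RULES), ("policy", POLICY_RULES)):
        for src in ("192.0.2.10", "198.51.100.246"):
            print(label, src, "->", remote, lookup(rules, src, remote))
```

With only the default rule, a reply sourced from the second link's address is sent to the first gateway, which is the case an upstream source-address filter may drop; with the policy rules it leaves through its own router.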