[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Two gateways on same network



On Thu, Dec 07, 2006 at 08:22:09PM +0200, Hans du Plooy wrote:

> I'm thinking something like this:

> ip rule add from 192.168.1.18 table eth1
> ip route add table eth1 via 192.168.1.1 dev eth1

> Where eth0 is 192.168.1.17 with gateway 192.168.1.6 and 
>       eth1 is 192.168.1.18 with gateway 192.168.1.1

> This worked fine with two public IPs on the same network, with the same
> gateway (colo provider gave me two IPs), but I'm not sure how being
> behind two natting firewalls would impact this.  I also don't have
> physical access to the box, so I've got to do it right first time :-)

I'm not sure off the top of my head about the ip rule settings, but
I suspect that using the 'from' match won't also match the outgoings.

What I'd suggest doing is using netfilter and connmark to put a mark
on any connectiong coming in on eth1, and use _that_ in your ip rule
(fwmark) to send replies out via the backup gateway.

The disadvantage of this is you have to keep an eye on the various
parameters of conntrack to be sure you don't run out of conntrack table
entries (the default size is surprisingly low, and the lifetimes for
connections tend towards high when we're only talking about SMTP)

Also, this won't work for udp unless a conntrack helper catches it,
but again that's not a huge issue for SMTP.

Then when your default gw goes down, you just change the system's
default gateway to be the backup gateway on eth1, and change it back
when it's back up. Nice and easy. ^_^

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Pobox.Com

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------

Attachment: pgp0oKlF8z9Th.pgp
Description: PGP signature


Reply to: