On Thu, Dec 07, 2006 at 08:22:09PM +0200, Hans du Plooy wrote:
> I'm thinking something like this:
> ip rule add from 192.168.1.18 table eth1
> ip route add table eth1 via 192.168.1.1 dev eth1
>
> Where eth0 is 192.168.1.17 with gateway 192.168.1.6 and
> eth1 is 192.168.1.18 with gateway 192.168.1.1
>
> This worked fine with two public IPs on the same network, with the same
> gateway (colo provider gave me two IPs), but I'm not sure how being
> behind two natting firewalls would impact this. I also don't have
> physical access to the box, so I've got to do it right first time :-)

I'm not sure off the top of my head about the ip rule settings, but I
suspect that using the 'from' match won't also match the outgoings.

What I'd suggest doing is using netfilter and connmark to put a mark on
any connection coming in on eth1, and use _that_ in your ip rule
(fwmark) to send replies out via the backup gateway.

The disadvantage of this is you have to keep an eye on the various
parameters of conntrack to be sure you don't run out of conntrack table
entries (the default size is surprisingly low, and the lifetimes for
connections tend towards high when we're only talking about SMTP).

Also, this won't work for UDP unless a conntrack helper catches it, but
again that's not a huge issue for SMTP.

Then when your default gw goes down, you just change the system's
default gateway to be the backup gateway on eth1, and change it back
when it's back up. Nice and easy. ^_^

-- 
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Pobox.Com

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------
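The connmark approach suggested in the reply above, sketched as an added example that is not part of the original message: it prints (without applying) the netfilter and policy-routing commands and reports conntrack table usage. The interface, gateway and table name come from the thread; the mark value 1 and the modern /proc/sys/net/netfilter paths are assumptions.

```shell
#!/bin/sh
# Added example: prints the rules for connmark-based reply routing, applies nothing.
IFACE=eth1       # backup interface (from the thread)
GW=192.168.1.1   # gateway behind eth1 (from the thread)
TABLE=eth1       # table name used in the thread; must exist in /etc/iproute2/rt_tables
MARK=1           # assumed mark value; any unused non-zero value works

# Emits four commands, in order:
#  1. mark every NEW connection that arrives on the backup interface
#  2. copy the connection mark onto locally generated reply packets
#  3. give the dedicated table a default route via the backup gateway
#  4. send packets carrying the mark to that table
reply_routing_plan() {
    cat <<EOF
iptables -t mangle -A PREROUTING -i $IFACE -m conntrack --ctstate NEW -j CONNMARK --set-mark $MARK
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
ip route add default via $GW dev $IFACE table $TABLE
ip rule add fwmark $MARK table $TABLE
EOF
}

# Integer percentage of conntrack entries in use: conntrack_pct COUNT MAX
conntrack_pct() {
    [ "$2" -gt 0 ] || { echo 0; return; }
    echo $(( $1 * 100 / $2 ))
}

# Reads the live counters when the nf_conntrack module is loaded.
conntrack_report() {
    d=/proc/sys/net/netfilter
    if [ -r "$d/nf_conntrack_count" ] && [ -r "$d/nf_conntrack_max" ]; then
        c=$(cat "$d/nf_conntrack_count")
        m=$(cat "$d/nf_conntrack_max")
        echo "conntrack: $c/$m entries ($(conntrack_pct "$c" "$m")% used)"
    else
        echo "conntrack: nf_conntrack counters not available on this host"
    fi
}

reply_routing_plan
conntrack_report
```

On a box without console access, review the printed commands first and run them as root only once they match the intended interface and gateway.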