[ale] Odd network setup w/ iptables NAT routing

James Sumners james.sumners at gmail.com
Tue Jul 13 14:35:33 EDT 2010


I suppose that would depend on the distribution and the qualification
for "down" on the external link. On Debian there is the
`/etc/network/if-post-down.d/` directory which contains scripts to
execute when interfaces are taken down. If that isn't the case, then I
think a regular poll to the external network would be the best option.
If you can't ping the gateway it's a pretty sure bet that you can't do
anything else.

When you do find that the network is down, wouldn't it be easy to
flush the iptables rules for the old route and restore the rules for
the new route? That could surely be scripted easily.

What about bridging the two networks into one? Then the remote routers
should take care of things.

On Tue, Jul 13, 2010 at 1:53 PM, Michael B. Trausch <mike at trausch.us> wrote:
> Okay, so I am stuck on this.
>
> I have a (private) network that is 172.16.3.0/24.  It is connected to a
> Linux box running iptables, which handles the NAT routing for this
> private network.  Of course, getting this set up with a single connection
> to an ISP is easy stuff, and that's the way that the network is
> currently running.
>
> However, what we want to do is have this system set up with two
> connections to two ISPs.  Well, it is currently, but I have to do a lot
> of manual work to switch it over from the primary to secondary
> connection when the primary connection goes down.  I don't want to do
> that (obviously).
>
> What I don't really know how to do is make this happen automatically.
> I'd like it such that if the default route appears to be down, the
> system automatically tries to use a second default route.  However, if I
> add two default routes to the routing table (with the secondary route
> having a higher "metric" setting), nothing seems to work at all in terms
> of connectivity beyond the firewall system.
>
> Of course, the ideal thing here would be to have an IP that could be
> moved between ISPs, but I cannot do that.  Oh, and to complicate matters
> a bit, this network has two /29 allocations, one from each ISP.
> Updating DNS is trivial when the network switchover has to happen, so
> I'm not worried about that problem.  The real issue is to try to figure
> out when the currently active connection goes down, how to detect this
> automatically and switch over to the other connection and then run a
> script that will trigger all of the other necessary things like DNS
> updates to point new requests to the new IP addresses on the other
> connection for the few services that are run on the network.
>
> Any ideas?  Am I missing something blatantly stupid and obvious?  :)
>
>        --- Mike
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
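The poll-and-switch approach James describes, as an added example that is not code from the thread: a small POSIX shell script that probes each ISP gateway, and when the active link stops answering, replaces the default route and the NAT rules and calls a hook for the DNS updates Mike mentions. Interface names, gateways, SNAT addresses, the PROBE/APPLY/HOOK variables and the state file path are assumptions; only 172.16.3.0/24 comes from the post.

```shell
#!/bin/sh
# Added example, not code from the thread: a poll-based WAN failover in the
# shape James describes. Every interface, gateway and address here is an
# assumed placeholder; 172.16.3.0/24 is the private network from the post.
PRIMARY_IF=eth1;   PRIMARY_GW=203.0.113.1;   PRIMARY_SNAT=203.0.113.10
SECONDARY_IF=eth2; SECONDARY_GW=198.51.100.1; SECONDARY_SNAT=198.51.100.10
LAN_NET=172.16.3.0/24
STATE_FILE=${STATE_FILE:-/var/run/wan-failover.state}

# link_up GATEWAY IFACE: succeed if the gateway answers a ping sent out of
# IFACE (Linux iputils ping). PROBE (assumed hook) can replace ping in tests.
link_up() {
    if [ -n "$PROBE" ]; then "$PROBE" "$1" "$2"
    else ping -c 2 -W 2 -I "$2" "$1" >/dev/null 2>&1; fi
}

# choose_link: primary if its gateway answers, else secondary, else none.
choose_link() {
    if link_up "$PRIMARY_GW" "$PRIMARY_IF"; then echo primary
    elif link_up "$SECONDARY_GW" "$SECONDARY_IF"; then echo secondary
    else echo none; fi
}

# nat_rules LINK: print the route and NAT commands for LINK. The old
# POSTROUTING rules are flushed first, then the SNAT for the new link added.
nat_rules() {
    case "$1" in
      primary)   gw=$PRIMARY_GW;   ifc=$PRIMARY_IF;   snat=$PRIMARY_SNAT ;;
      secondary) gw=$SECONDARY_GW; ifc=$SECONDARY_IF; snat=$SECONDARY_SNAT ;;
      *) return 1 ;;
    esac
    printf '%s\n' \
      "ip route replace default via $gw dev $ifc" \
      "iptables -t nat -F POSTROUTING" \
      "iptables -t nat -A POSTROUTING -s $LAN_NET -o $ifc -j SNAT --to-source $snat"
}

# failover: run from cron or a loop. Applies nat_rules only when the chosen
# link differs from the recorded one, then runs HOOK (assumed; DNS updates).
failover() {
    want=$(choose_link)
    have=$(cat "$STATE_FILE" 2>/dev/null || echo none)
    if [ "$want" != none ] && [ "$want" != "$have" ]; then
        nat_rules "$want" | ${APPLY:-sh}
        echo "$want" >"$STATE_FILE"
        if [ -n "$HOOK" ] && [ -x "$HOOK" ]; then "$HOOK" "$want"; fi
    fi
    echo "$want"
}
```

When both gateways fail, the script leaves the last working configuration in place rather than tearing it down, so a transient outage on both links does not remove the NAT rules entirely.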


