Has anyone of you set up a NAT server connecting to more than one ISP?
We are switching ISPs and I wanted to avoid downtime by using both networks
simultaneously for some time.
My preliminary findings:
I have two cards connected to cable modems and have read the brilliant
Linux Advanced Routing and Traffic Control Howto, which explains how to
set up a linux machine to connect to more than one ISP, however, it
starts from scratch using the iproute package. I have handled the NAT
of my internal network with the ipmasq debian package and I like not
having to write every rule by hand (especially when a ppp link comes
up, which is the case for me with vpn connections). I'm not worried about
load balancing or anything like that yet, I would only like to be visible
on both networks and route all masqueraded traffic through one of the links.
So what do you suggest, should I
1) Write everything by hand, not using ipmasq,
2) Extend ipmasq's rules somehow to fire the routing tables up correctly
3) Just run a script after ipmasq to introduce
For your information, that's how far I came:
root# ip route show
xx.yy.zz.16/29 dev eth2 proto kernel scope link src xx.yy.zz.17
aa.bb.cc.160/28 dev eth0 proto kernel scope link src aa.bb.cc.162
10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.1
default via aa.bb.cc.161 dev eth0
I tried introducing a second default route:
default via xx.yy.zz.22 dev eth2 src xx.yy.zz.17
The second default route is never reached, so my idea of avoiding routing tables using a src for the gateway didn't work. Swapping the default routes gets eth2 pinging but eth0 switches off. I can see the pings on the card without a default gateway attached coming in (with tcpdump) but the kernel seems to reply to the ping on the default gateway.
root# grep eth0 /etc/ipmasq/rules/A01precompute.rul
export EXTERNAL="eth0 eth2"
[blue:~] root# ifconfig
eth0 Link encap:Ethernet HWaddr 00:04:75:AD:6B:C9
inet addr:aa.bb.cc.162 Bcast: aa.bb.cc.175 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3249800 errors:0 dropped:0 overruns:0 frame:0
TX packets:3410039 errors:0 dropped:0 overruns:0 carrier:42
collisions:7905
RX bytes:1235492433 (1.1 GiB) TX bytes:1549390655 (1.4 GiB)
eth1 Link encap:Ethernet HWaddr 00:04:76:0E:C1:1D
inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
EtherTalk Phase 2 addr:65280/113
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5240114 errors:0 dropped:0 overruns:1 frame:0
TX packets:4930194 errors:0 dropped:0 overruns:0 carrier:1579
collisions:0
RX bytes:2028758870 (1.8 GiB) TX bytes:1876902432 (1.7 GiB)
eth2 Link encap:Ethernet HWaddr 00:D0:B7:79:51:9F
inet addr: xx.yy.zz.17 Bcast: xx.yy.zz.23 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11565 errors:0 dropped:0 overruns:0 frame:0
TX packets:3579 errors:0 dropped:0 overruns:0 carrier:0
collisions:1
RX bytes:3456804 (3.2 MiB) TX bytes:458136 (447.3 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
EtherTalk Phase 2 addr:0/0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1083536 errors:0 dropped:0 overruns:0 frame:0
TX packets:1083536 errors:0 dropped:0 overruns:0 carrier:0
collisions:0
RX bytes:139937541 (133.4 MiB) TX bytes:139937541 (133.4 MiB)
Thank you for your help.
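
Added example, not part of the original post: the per-uplink routing tables that the Linux Advanced Routing and Traffic Control Howto mentioned above describes, generated by a script that could run after ipmasq. The addresses are constructed documentation ranges standing in for the masked ones, and the table numbers 101 and 102 and all function names are assumptions.

```shell
#!/bin/sh
# Added example: source-based policy routing for two uplinks.
# Addresses are constructed (documentation ranges), not the poster's networks;
# table numbers 101/102 are arbitrary assumptions.

# Convert a dotted quad to an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_net ADDR NET/PREFIX: succeeds if ADDR lies inside the network.
in_net() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# uplink_cmds IFACE ADDR NET/PREFIX GATEWAY TABLE
# Prints the commands that make packets sourced from ADDR leave via GATEWAY,
# so replies go out on the link the request arrived on.
uplink_cmds() {
    if ! in_net "$2" "$3" || ! in_net "$4" "$3"; then
        echo "error: $2 or $4 is outside $3" >&2
        return 1
    fi
    echo "ip route add $3 dev $1 src $2 table $5"
    echo "ip route add default via $4 dev $1 table $5"
    echo "ip rule add from $2 table $5"
}

# Constructed layout mirroring the post: eth0 and eth2 are the uplinks.
# The main table keeps one default route, used by masqueraded LAN traffic.
plan() {
    uplink_cmds eth0 198.51.100.162 198.51.100.160/28 198.51.100.161 101 &&
    uplink_cmds eth2 192.0.2.17 192.0.2.16/29 192.0.2.22 102 &&
    echo "ip route replace default via 198.51.100.161 dev eth0"
}

plan   # review the printed commands, then pipe them to "sh" as root to apply
```

The script only prints commands; nothing changes until the output is run as root.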