hi ya aphro/phil

this almost exact same concept just went thru the firewall mailing list....
	- same conclusions...

their idea is to let the routers do the NATing and
"Load balance the external routes using EIGRP or OSPF"

search the firewall archives for:
	http://lists.gnac.net/firewalls/archive.html
	....
	"Date: Tue, 10 Jul 2001 09:59:08 +1000"
	"Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>"
	"Subject: RE: Multi-homed Internet connection"
	....

oh well
alvin

i guess i'm stubborn... i don't see why a laptop can make a connection
via ppp and/or eth0 if in the office... with the same fixed routing table...
	- the laptop connects thru either one...( the one that works ? )

in this case...we have 2 T1 wires...should be similar network issue...
but it's not....

On Mon, 9 Jul 2001, Phil Brutsche wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A long time ago, in a galaxy far, far away, someone said...
>
> > hi.
> >
> > i have this setup on 2 machines
> >
> >
> > Machine A
> >  \ eth0 ---> Switch --> Router A(65.xxx.xx.x.x) --> Internet
> >  \ eth1 --> Switch --> Router B (63.xx.x.x.x.x) --> Internet
> >
> > Machine B
> >  \ eth0 --> Switch --> Router A (65.xx.x.x.x.x) --> internet
> >  \ eth1 --> Switch --> Router B (63.xx.x.x.x) --> internet
> >
> > what i can't figure out is how to get it so if one route fails it will
> > take the other.
>
> Generally BGP is the way to do it. However, unless you have a /24-sized
> address space assigned by ICANN or whoever does it these days people won't
> even talk to you.
>
> > i have routed installed but im not sure if it will do what i want.
>
> I think it can but only if your routers send out RIP packets :) If they
> don't, can't, or whatever then routed obviously won't work.
>
> > what i have:
> >
> > /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw MY_GATEWAY metric 0
> > /sbin/route add -net 0.0.0.0 netmask 0.0.0.0 gw ALT_GATEWAY metric 1
> >
> >
> > so i ssh to a machine it shows me coming from MY_GATEWAY's ip
> > network. so i unplug the router, and try to ssh. nothing. try
> > to ping using -i, nothing. once i remove the route to MY_GATEWAY
> > i can ping/ssh again. each interface has a different IP address.
> > its not really multihomed in the sense that to the outside world
> > i have 1 ip address and it can be reached through either provider
> > (2 different T1 providers) i just want failover route setup.
>
> For incoming traffic (ie redundancy for a mail server) or outgoing
> traffic?
>
> If you want redundancy for outgoing traffic I would think your trick with
> routes above would work. But they don't... unless you forgot a step.
> Try setting "spoofprotect=no" in /etc/network/options, reboot, and try
> again.
>
> If *that* doesn't work, I'm sorry to say that you're out of luck :(
> Anything else you can come up with is a pure hack and prone to failure.
>
> Incoming traffic is much easier :) Install the iproute2 package and read
> the Advanced Routing HOWTO, particularly the bit about policy routing.
>
> [...]
>
> > oh and im running debian 2.2r3/linux.2.2.19 on 1 machine
> > and debian testing(a month or so old) with 2.2.19 on the
> > other.
> >
> > maybe there is another 'routing daemon' that i could use?
>
> GNU Zebra but it needs RIP (which you can't get) or BGP to work.
>
> - --
> - ----------------------------------------------------------------------
> Phil Brutsche [EMAIL PROTECTED]
>
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: Made with pgp4pine
>
> iD8DBQE7SlID/ZTSZFDeHPwRAhhIAJsGjgYPTe8tuh4Ljlwrsx5/sJFBkwCeILn1
> zIE07nEMKIHBZ5/KuvdjBPA=
> =Btfd
> -----END PGP SIGNATURE-----
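
An added example, not part of the original thread or written by any of its participants: the iproute2 policy routing the quoted reply points to, plus a gateway probe that moves the default route, since a static route with a lower metric keeps being used while its interface stays up. The interface names follow the thread; the addresses (RFC 5737 documentation ranges), table ids and function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed
# (RFC 5737 documentation ranges); table ids 101/102 are arbitrary.

# Dry run by default: print each command. Set RUN=1 (as root) to apply.
run() { if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$@"; fi; }

# uplink IFACE SRC_IP GATEWAY TABLE_ID  (run once at boot, per provider)
# Traffic sourced from SRC_IP gets its own default route, so replies to
# connections arriving on one provider's address leave via that provider.
uplink() {
    run ip route replace default via "$3" dev "$1" table "$4"
    run ip rule add from "$2" table "$4"
}

# probe GATEWAY IFACE: one ICMP echo out of a specific interface.
# This only proves the router answers, not that its T1 is up.
probe() { ping -c 1 -W 2 -I "$2" "$1" >/dev/null 2>&1; }

# failover "GW IFACE" ...: point the main default route at the first
# gateway, in order of preference, that answers the probe.
failover() {
    for pair in "$@"; do
        gw=${pair%% *}
        dev=${pair##* }
        if probe "$gw" "$dev"; then
            run ip route replace default via "$gw" dev "$dev"
            return 0
        fi
    done
    echo "no gateway reachable" >&2
    return 1
}

# Invoke as "sh script.sh setup" or "sh script.sh check" (e.g. from cron).
case "${1:-}" in
    setup) uplink eth0 192.0.2.10 192.0.2.1 101
           uplink eth1 198.51.100.10 198.51.100.1 102 ;;
    check) failover "192.0.2.1 eth0" "198.51.100.1 eth1" ;;
esac
```

Probing a host beyond each router instead of the router itself would also catch a dead T1 behind a router that still answers.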