I just got our second internet connection setup today and am having trouble getting it to co-exist with the first provider.
I want to route most of the LAN through ISP1 and 3 clients on the same LAN through the other.
I can't even get to point of making the shorewall rules to do this as I can't get the second ISP to work on the firewall. I did test it using a laptop and know it works. Here is what I have done so far:
eth1 is ISP1, eth2 is ISP2 and eth0 is the LAN. (I fudged my IPs a bit for security's sake.)
In my /etc/network/interfaces file I have this:
# The loopback network interface
auto lo eth1 eth2 eth0
iface lo inet loopback
I tried commenting out gateway in eth2 and that got eth1 working again. When I did the above with 2 gateways none worked.
I have read the great article on multiple providers from LARTC but it is using low level calls directly like ip route add. I am trying to do this within the confines of Ubuntu's config files. I also don't see why everything stopped working when I had gateway defined for eth1 and eth2.
I use shorewall for my firewall config and currently use MASQ to NAT eth0 to eth1. I am sure I'll have to add more rules, zones and MASQ entries to route the 3 clients on the LAN through ISP 2. I have to get the networking stuff working first which is my first hurdle.
If anyone can see what I am doing wrong above, what else I should be doing, etc. I would really appreciate the help.
Oh, I should also mention I use webmin to configure my interfaces / shorewall, etc. if that matters. I am sure it is doing stuff for me I don't know about that may be the cause of my troubles. I noticed the routes page has both networks listed yet I didn't explicitly set them. I assume either webmin did this for me or the Linux networking system figures this out itself based on the settings in my interfaces file above... not sure.
I tried to just use the LARTC guide as is and do it by hand to start with to make sure it works and I had no luck at all. I followed their guide to the letter and the original ISP still works but the new ISP won't. When I ping the gateway of ISP 2 I get destination host unreachable - a lot of them very fast - it flies up the screen - about 30,000 per second. I put the connection into my laptop directly to verify it works and it does.
Anyone know what might be the cause? I followed the LARTC guide to the letter and really expected this to work. I do use IPTables for routing my LAN traffic - could this be causing issues? Do those rules now need to change because of my multi routing tables and iprules to pick the right table based on src?
Hey, I've set up something like this at home, and followed the LARTC guide and it worked for me (more or less).
It works quite OK, but after some time YIM disconnects from the Yahoo server, and that is all the trouble I am having.
Basically you have to do:
2 tables (2 ISPs); I have 3 of them
default gateway for each of the tables
and from there you can EITHER
use a multiroute default gateway (I use it this way)
or use a [ip rule add from *** via] rule
It's more complex than this, but the LARTC should do the work.
Oh, and by the way, when 1 ISP dies you gotta have a script that detects that OR ELSE it won't work correctly!
Ohh, and remember to use SNAT on the outgoing interface ( -o eth3,tap4, etc )
for each of the interfaces
not just use SNAT --to
Last edited by naghi32; 02-04-2009 at 10:03 AM.
Well, I kinda doubt about the NIC not working properly, but for your sake do test it.
Oh, and remember to add all the IPs you have on each of the tables or else you won't be able to reach the router itself (i.e. via ssh).
If you properly set up the firewall and routes you should be able to reach the ISP2 gateway with no problem (remember to use -I ethX if it doesn't work without it).
Do I have to do anything with the LAN adapter and addresses? I have the LAN using 192.168.1.0/24. Does this also need to be added to each routing table?
I didn't do that.
Also, I don't have a gateway defined for this LAN either. I have 2 default gateways - 1 for each provider and no gateway defined for the LAN. It has always worked with 1 provider using this configuration though.
When I created the 2 new routing tables, I only added ISP1 info to T1 and ISP2 info for T2. I then used ip rules to indicate which table a network / IP should use. Are you saying I should add both adapter routes to each table? Basically duplicating the information across all tables?
Also, should I do anything special for the default main routing table? I only have the first ISP in this one. I thought LARTC indicated this is for your preferred provider only.
No! Not duplicate gateways.
Basically what you have to do:
each table its own gateway
but you gotta add the local class IPs to each table so that from any table they can reach each other. Even if the routing works, I had trouble reaching the router if I did not add those routes.
I doubt webmin will do these kinds of things, although I have not used it that much.
You should put those commands in a script (you know how to build a bash script, I'm sure), make it executable and put it in a boot file.
For my Slackware machine I use it in /etc/rc.d/rc.local
That's an example; I'm sure it's not there for you.
This is such an advanced item to be doing and getting help or finding docs is difficult.
I did everything from LARTC and from your advice and it still doesn't work. I am going to add a new NIC tomorrow to see if that is my problem. I really expected this to work from my initial attempt... at least from the firewall itself so there must be something wrong with the NIC.. or the driver for that card. It is some internal broadcom card. My other 2 cards are Intel Gb NICS and they work great so I'll throw another one in and see if this helps the situation.
A common, & IMNRHO abused, way is to put them inside "Code:" tags. (Ask if you don't understand what "Code:" tags are.) Unless they are short, this clutters the thread & destroys the continuity of your narrative of the problem. Also, if they are more than about 80 columns wide, they can f' up the display of the entire thread in some browsers, notably Konqueror 3.x.y, by triggering horizontal scrolling.
I was doing everything I was supposed to. The problem was actually with IPTables. I noticed I didn't have a default policy allowing $FW to ISP2. After I did that everything worked.
It is amazing how such a small thing could cause such a big headache.
The only thing I am unsure about now is DNS. Each ISP provides its own DNS servers. They are also locked to their network. So if my 3 clients do a DNS lookup through ISP1 it will fail until it gets to ISP2 which is 3rd in the list.
It would be nice if I could indicate which DNS server should be used based on provider. I have no clue how to do that though.
It doesn't seem too bad - I have the timeout for DNS forwarders set to the lowest value. So it does resolve pretty fast.
I'd like to thank naghi32 and give him props. His help, advice and rules are what made this all possible for me!
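The layout described in this thread (one table and one default gateway per provider, local networks in every table, source rules for the three clients, SNAT per outgoing interface, and the firewall allowed out through ISP2), as an added example that is not part of any post. The provider addresses, the client IPs and the table numbers 101/102 are constructed placeholders, since the real values are not given in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders
# (RFC 5737 ranges); the original poster's real IPs are not on the page.
LAN_IF=eth0; LAN_NET=192.168.1.0/24
IF1=eth1; IP1=192.0.2.2;    NET1=192.0.2.0/24;    GW1=192.0.2.1
IF2=eth2; IP2=198.51.100.2; NET2=198.51.100.0/24; GW2=198.51.100.1
ISP2_CLIENTS="192.168.1.50 192.168.1.51 192.168.1.52"  # assumed client IPs

# Emit the commands for one provider.
# Args: table-id interface local-ip provider-net gateway
provider_table() {
    echo "ip route add $4 dev $2 src $3 table $1"
    # Local networks go into every table, otherwise the router and the LAN
    # become unreachable for traffic that is looked up in this table.
    echo "ip route add $LAN_NET dev $LAN_IF table $1"
    echo "ip route add 127.0.0.0/8 dev lo table $1"
    # Exactly one default gateway per table.
    echo "ip route add default via $5 dev $2 table $1"
    # Traffic sourced from this provider's address uses this table.
    echo "ip rule add from $3 table $1"
    # One SNAT rule per outgoing interface.
    echo "iptables -t nat -A POSTROUTING -o $2 -j SNAT --to-source $3"
}

plan() {
    provider_table 101 "$IF1" "$IP1" "$NET1" "$GW1"
    provider_table 102 "$IF2" "$IP2" "$NET2" "$GW2"
    # Main table keeps the preferred provider as its only default route.
    echo "ip route replace default via $GW1 dev $IF1"
    # The three LAN clients are steered to the ISP2 table by source address.
    for c in $ISP2_CLIENTS; do
        echo "ip rule add from $c table 102"
    done
    # Rough plain-iptables counterpart of the missing Shorewall policy:
    # let the firewall itself send traffic out through ISP2.
    echo "iptables -A OUTPUT -o $IF2 -j ACCEPT"
}

plan   # dry run: prints the commands, changes nothing
```

The script only prints the commands; after review they can be run as root from a boot script, with `gateway` left on eth1 alone in /etc/network/interfaces so the main table has a single default route.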