Hi everyone,

I just got our second internet connection setup today and am having trouble getting it to co-exist with the first provider.

I want to route most of the LAN through ISP1 and 3 clients on the same LAN through the other.

I can't even get to point of making the shorewall rules to do this as I can't get the second ISP to work on the firewall. I did test it using a laptop and know it works. Here is what I have done so far:

eth1 is ISP1, eth2 is ISP2 and eth0 is the LAN. (I fudged my IP's a bit for security sakes)

In my /etc/network/interfaces file I have this:

# The loopback network interface
auto lo eth1 eth2 eth0
iface lo inet loopback


iface eth1 inet static
address 111.11.111.154
netmask 255.255.255.248
network 111.11.111.152
broadcast 111.11.111.159
dns-nameservers 111.11.2.133 111.11.2.36
gateway 111.11.111.153

iface eth2 inet static
address 222.22.222.194
netmask 255.255.255.248
network 222.22.222.192
broadcast 222.22.222.199
dns-nameservers 222.22.23.114
gateway 222.22.222.193


iface eth0 inet static
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0

I tried commenting out gateway in eth2 and that got eth1 working again. WHen I did the above with 2 gateways none worked.

I have read the great article on multiple providers from LARTC but it is using low level calls directly like ip route add . I am trying to do this within the confines of Ubuntu's config files. I also don't see why everything stopped working when I had gateway defined for eth1 and eth2.

I use shorewall for my firewall config and currently use MASQ to NAT eth0 to eth1. I am sure I'll have to add more rules, zones and MASQ entries to route the 3 clients on the LAN through ISP 2. I have to get the networking stuff working first which is my first hurdle.

If anyone can see what I am doing wrong above, what else I should be doing, etc. I would really appreciate the help.

Oh, I should also mention I use webmin to configure my interfaces / shorewall, etc. if that matters. I am sure it is doing stuff for me I don't know about that may be the cause of my troubles. I noticed the routes page has both networks listed yet I didn't explicitly set them. I assume either webmin did this for me or the Linux networking system figures this out itself based on the settings in my interaces file above... not sure.

Thanks.

I tried to just use the LARTC guide as is and do it by hand to start with to make sure it works and I had no luck at all. I followed their guide to the letter and the original ISP still works but the new ISP won't. When I ping the gateway of ISP 2 I get destination host unreachable - alot of them very fast - it flies up the screen - about 30,000 per second. I put the connection into my laptop directly to verify it works and it does.

Anyone know what might be the cause? I followed the LARTC guide to the letter and really expected this to work. I do use IPTables for routing my LAN traffic - could this be causing issues? Do those rules now need to change because of my multi routing tables and iprules to pick the right table based on src?

I am totally stumped now.

Hey i`ve setup something like this at home, and followed the lartc guide and i worked for me ( more or less )

It works quite ok but after some time YIM disconnects from the Yahoo server and that is all the trouble i am having.

basicly you have to do:
2 tables ( 2 isp`s ) i have 3 of them
default gateway for each of the table
and from there you can EITHER
use a multiroute default gateway ( i use it this way )
or use a [ip rule add from *** via] rule
it`s more complex than this but the lartc should do the work.
Oh and by the way when 1 isp dies you gotta have a scrips that detectes that OR ELSE it won`t work correctly!

LE:
Ohh and remember to use SNAT on the outgoing interface ( -o eth3,tap4, etc )
for each of the interface
not just use SNAT --to

Thanks for the info.

I know I'll have some fiddling to do when it comes to routing the LAN through it.

All my testing so far is only from the firewall itself. I can't access or ping ISP 2 right from the firewall.

Do you think it is possible that the network card I have ISP 2 into isn't working properly?

I am sure I could test this by taking down the other interfaces and making ISP the default and see if it works.

Thanks.

Well i kinda doubt about the NIC not working properly, but for your sake do test it.
Oh and remember to add all the IP-s u have on each of the table or else you won`t be able to reach the router itself ( ie:via ssh).

If you properly setup firewall and routes you should be able to reach isp2 gateway with no problem ( remember to use -I ethX if without it doesn`t work )

Do I have to do anything with the LAN adapter and addresses? I have the LAN using 192.168.1.0/24. Does this also need to be added to each routing table?

I didn't do that.

Also, I don't have a gateway defined for this LAN either. I have 2 default gateways - 1 for each provider and no gateway defined for the LAN. It has always worked with 1 provider using this configuration though.

When I created the 2 new routing tables. I only added ISP1 info to T1 and ISP2 info for T2. I then used ip rules to indicate which table a network / IP should use. Are you saying I should add both adapter routes to each table? basically duplicating the information across all tables?

Also, should I do anything special for the default main routing table? I only have the first ISP in this one. I thought LARTC indicated this is for your preferred provider only.

Thanks.

Oh, I should also ask about what to do on reboots. I am using the ip route , ip rules commands directly from the command line. Doesn't this mean on the next reboot my settings will be lost?

Is there somewhere I should be putting this information so it gets applied on network start / system reboot, etc?

also, I use webmin for most things - any way to do this stuff from there? I didn't see anything in their network pages about building routing tables, etc.

Thanks.

No ! not duplicate gateways
basicly what you have to doo
each table it`s own gateway
but you gotta add the local class ip`s to each table so that from any table they can reach each other, even if the routing will work, i had trouble reaching the router if i did not add those routes.

I doubt webmin will do these kind of things altough i have not used it that much.
You should put those commands on a script ( you know how to build a bash script i`m sure )
, make it executable and put it on a boot file
for my slackware machine i use it in /etc/rc.d/rc.local
that`s an example i`m sure it`s not there for you.

Thanks for all your help!

This is such an advanced item to be doing and getting help or finding docs is difficult.

I did everything from LARTC and from your advice and it still doesn't work. I am going to add a new NIC tomorrow to see if that is my problem. I really expected this to work from my initial attempt... at least from the firewall itself so there must be something wrong with the NIC.. or the driver for that card. It is some internal broadcom card. My other 2 cards are Intel Gb NICS and they work great so I'll throw another one in and see if this helps the situation.

Well i guess if u really want to i could send you my config files look ( i doubt i am allowed to post it in here ). Message me or tell me if i`m allowed to post on forum.

There are at least 3 ways to post config files:

• A common, & IMNRHO abused, way is to put them inside "Code:" tags. (Ask if you don't understand what "Code:" tags are.) Unless they are short, this clutters the thread & destroys the continuity of you narrative of the problem. Also, if they are more than about 80 columns wide, they can f' up the display of the entire thread in some browsers, notably Konqueror 3.x.y, by triggering horizontal scrolling.
  
• Put them in a pastebin & link to them.
• I've never tried this, but I think you could put them in "Code:" tags in an entry in your LQ blog (each of us has one) & link to that.

Well, I finally got this to work, whew!

I was doing everything I was supposed to. The problem was actually with IPTables. I noticed I didn't have a default policy allowing $FW to ISP2. After I did that everything worked.

It is amazing how such a small thing could cause such a big headache.

The only thing I am unsure about now is DNS. Each ISP provides its own DNS servers. They are also locked to their network. So if my 3 clients do a DNS lookup through ISP1 it will fail until it gets to ISP2 which is 3rd in the list.

It would be nice if I could indicate which DNS server should be used based on provider. I have no clue how to do that though.

It doesn't seem to bad - I have the timeout for DNS forwarders set to the lowest value. So it does resolve pretty fast.

I'd like to thank naghi32 and give him props. His help, advice and rules is what made this all possible for me!

Thank you.

I am glad to hear that you have your machine up and running.
Altough i doubt my config files have had any help.
Keep them up and working .