[ale] Advanced Routing for Dummies

Joseph A. Knapka jknapka at earthlink.net
Fri Apr 13 18:10:53 EDT 2001


Leonard Thornton wrote:
> 
> OK sports fans...I'm in over my head and need help.
> 
> I have an internal private network and two public networks.
> 
> Local Network "A"
> Public Network "B" (T1 connection, 16 static IP addresses)
> Public Network "C" (iDSL, 13 static IP addresses)
> 
> I have a Linux / RH7.0 / ipchains firewall with three (3) NICs (3C509)
> which connects the three networks.
> "A" = eth0 (NAT)
> "B" = eth1
> "C" = eth2
> 
> My internal network uses the firewall NIC eth0 as its default gateway.  No
> problems.
> 
> The issues I have:  Network "B" sees Network "C" only through the public
> network connection, not my firewall (and vice versa).  If I lose either my
> T1 or my iDSL feed, "B" and "C" cannot talk to each other.  Additionally,
> if I lose my T1, I have to manually repoint my internal LAN traffic to the
> iDSL public connection.  I know there is a way for "B" and "C" to route to
> each other through the firewall rather than externally, but I have yet to
> find the magic incantation. 

I believe you want:

On each machine on "B" network:

route add -net <C.network> netmask <C.netmask> gw <A's IP on B>

On each machine on "C" network:

route add -net <B.network> netmask <B.netmask> gw <A's IP on C>

> Additionally, is there a way to set up the
> routing so that my T1 is the preferred path for my internal network, and
> yet have traffic automatically go out the iDSL side if the T1 fails?

[Wild speculation; beware...]
 
On A:

route add default gw <T1.gateway> metric 1
route add default gw <iDSL.gateway> metric 2

Then tell EVERY machine on all nets, EXCEPT the T1 and iDSL gateway
machines, that A is their default gateway. In this case you can skip
the explicit routes between B and C through A given above, since if
A is the default gateway they're unnecessary. The iDSL gateway
and the T1 gateway machines will, however, still need explicit
routes to reach the "other" network through A, since their
default gateways must be the machines on the other end of
the iDSL and T1 links. The idea is that all packets will go through
A, and then be sent out via whichever gateway (a) works, and (b) has
the lowest metric.

Actually I think ICMP redirects might throw a wrench into this
scheme, but I'm not sure I fully understand how ICMP redirects
work in a situation like this. It's worth a try if no one else
can tell you for sure how to do it right :-)

Also, this won't be entirely transparent: connections established
through the T1 gateway will be lost if the T1 goes down, even though
future connections will (should) succeed via the iDSL link. The reason
is that the machine on the other end of the connection will still be
trying to return packets via a route that goes across the T1; it
has no idea that you have switched to a default gateway on a
totally different network.

Disclaimer: I have not set up a network exactly like this before.

Good luck,

-- Joe

> I have read FAQ's / HOW-TO's / Magic scrolls until I can't see anymore.

I guess the last one must have been a scroll of Blindness... bummer.

-- 
"If I ever get reincarnated... let me make certain I don't come back
 as a paperclip." -- protagonist, H Murakami's "Hard-boiled Wonderland"
// Linux MM Documentation in progress:
// http://home.earthlink.net/~jknapka/linux-mm/vmoutline.html
* Evolution is an "unproven theory" in the same sense that gravity is. *
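The whole scheme from the reply above, written out as an added example that is not part of the original post. It uses the `ip route` syntax that has since replaced `route`, and the addresses (RFC 5737 documentation ranges, interface names eth0/eth1/eth2 as in the question, metrics 10 and 20) are assumed stand-ins for the real B and C subnets. Two things the reply was unsure about are handled explicitly: the kernel never drops a static default route just because its next hop stopped answering, so the two-metric trick on its own will not fail over and a small watchdog has to remove and restore the T1 route; and the ICMP-redirect "wrench" is real, because A forwards B-host traffic back out eth1 to the T1 gateway on the same segment and would tell those hosts to bypass it, which `send_redirects=0` on the public interfaces prevents.

```shell
#!/bin/sh
# Added example; not from the original post. Addresses are assumed
# (RFC 5737 documentation ranges standing in for the real B and C subnets).
A_FW=192.168.0.1                                                # eth0, NAT side
B_NET=203.0.113.0/28;  B_FW=203.0.113.2;  T1_GW=203.0.113.1     # eth1
C_NET=198.51.100.0/28; C_FW=198.51.100.2; DSL_GW=198.51.100.1   # eth2

# Every privileged command goes through here. DRY_RUN=1 (the default) prints
# the command instead of running it, so the script can be read, tested and
# pasted by hand; DRY_RUN=0 (root on the firewall) applies it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# The reply's first suggestion: hosts on B reach C via the firewall's
# address on B, and hosts on C reach B via its address on C.
host_routes_for_b() { run ip route add "$C_NET" via "$B_FW"; }
host_routes_for_c() { run ip route add "$B_NET" via "$C_FW"; }

# The reply's second suggestion, on A: two default routes, lowest metric
# preferred. `ip route` keys entries on (prefix, metric), so both coexist
# and `replace` in the watchdog below is idempotent.
firewall_defaults() {
    run ip route add default via "$T1_GW" metric 10
    run ip route add default via "$DSL_GW" metric 20
}

# A forwards a B host's Internet traffic back out eth1 to T1_GW on the same
# segment, and would normally send that host an ICMP redirect telling it to
# use T1_GW directly, bypassing A and defeating the failover. Same on eth2.
no_redirects() {
    run sysctl -w net.ipv4.conf.eth1.send_redirects=0
    run sysctl -w net.ipv4.conf.eth2.send_redirects=0
}

# Which gateway should carry the default, given probe results (0 = answered).
# Free of side effects so it can be tested offline.
choose_default() {   # $1 = T1 probe result, $2 = iDSL probe result
    if   [ "$1" -eq 0 ]; then echo "$T1_GW"
    elif [ "$2" -eq 0 ]; then echo "$DSL_GW"
    else echo ""
    fi
}

# Single ICMP echo with a 1 s timeout (iputils ping). A gateway that answers
# ICMP but has lost its upstream still passes; probing a host beyond each
# gateway is stricter but needs per-gateway source routing, left out here.
probe() { ping -c 1 -W 1 "$1" >/dev/null 2>&1; }

# One watchdog pass. The kernel keeps a static route whether or not its next
# hop answers, so the metric-10 route would win forever; remove it while the
# T1 is down (the metric-20 iDSL route then takes over) and restore it after.
failover_once() {
    t1=0;  probe "$T1_GW"  || t1=1
    dsl=0; probe "$DSL_GW" || dsl=1
    case "$(choose_default "$t1" "$dsl")" in
        "$T1_GW")  run ip route replace default via "$T1_GW" metric 10 ;;
        "$DSL_GW") run ip route del default via "$T1_GW" metric 10 2>/dev/null || true ;;
        *)         echo "neither gateway answers; leaving routes alone" >&2 ;;
    esac
}

case "${1:-print}" in
    print) host_routes_for_b; host_routes_for_c; firewall_defaults; no_redirects ;;
    apply) DRY_RUN=0; firewall_defaults; no_redirects ;;     # once, on A as root
    watch) DRY_RUN=0; while :; do failover_once; sleep 10; done ;;
esac
```

Run it with no argument to see the commands, `apply` on the firewall to install the routes and sysctls, and `watch` (from an init script) to keep probing. The reply's caveat still stands even with the watchdog: connections that were established while the T1 was up are masqueraded from the T1-side address, so the far end keeps replying across the T1 and those sessions die when it does; only new connections come up on the iDSL side.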