[ale] Odd network setup w/ iptables NAT routing

Michael B. Trausch mike at trausch.us
Tue Jul 13 23:35:24 EDT 2010


On Tue, 2010-07-13 at 14:35 -0400, James Sumners wrote:
> I suppose that would depend on the distribution and the qualification
> for "down" on the external link. On Debian there is the
> `/etc/network/if-post-down.d/` directory which contains scripts to
> execute when interfaces are taken down. If that isn't the case, then I
> think a regular poll to the external network would be the best option.
> If you can't ping the gateway it's a pretty sure bet that you can't do
> anything else.
> 
> When you do find that the network is down, wouldn't it be easy to
> flush the iptables rules for the old route and restore the rules for
> the new route? That could surely be scripted easily.
> 
> What about bridging the two networks into one? Then the remote routers
> should take care of things. 

I'm not entirely sure what you mean.  Let me try to clarify a bit, since
I'm about to climb back into the car and drive 20 (40 round trip) miles
just to powercycle a stupid $@$%&*@ piece of AT&T equipment...

I manage (currently) 8 workstations, 3 server machines, and a network
printer/fax/scanner on this little network.  The three server machines
and the printer all have static IP addresses, and the workstations have
DHCP addresses; all the systems but one (presently) have 172.16.3.0/24
addresses, though the other two servers will be getting global IP
addresses soon, assuming this $%@%@^ network will stay up.

Alright, so, all these machines are on a single switch.

The firewall system, which has a global IP address, is physically
attached to a DSL modem (AT&T) and a T1 (effectively a *very* fractional
T1, since it's shared with the phone system).

Now, I just spot-checked to see if I could reach things.  I could not.
To verify that the thing is down and that it's not my system or
connection or whatever that's fscked, I have a modem here and a modem
there, so I can dial in and try to reach the outside world from there.

Of course, I can't.

Now, I can (manually!) move things over to the T1 line.  Though, that's
a bit of a problem, because for whatever reason that IP address is in
some residential blocklist and the maintainer of the blocklist refuses
to acknowledge my emails in trying to get it unblocked (that's because
they block my whole domain as a matter of policy, because I use GAFYD
for my email service---that's the *stupidest* thing I have *ever* heard
in my life).  So I can't stay on the T1, I must actually get and keep
the DSL working.

Anyway, what I'm down to is powercycling as needed.  Maybe what I should
be asking is if there is something out there that I can plug into the
serial port that will powercycle an appliance when it seems to have gone
dead.  Utter piece of crap...

	--- Mike
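The "poll the gateway, then flush and restore the iptables rules for the other route" idea from the quoted reply, written out as an added example (not code from the original thread). The interface names, gateway addresses and state-file path are placeholders; the LAN prefix is the 172.16.3.0/24 network described above. The decision and rule-generation steps are separate functions so they can be exercised without root or a live link, and the DSL side is preferred because the T1 address is on a blocklist.

```shell
#!/bin/sh
# Dual-WAN NAT failover sketch (added example, not from the original post).
# Assumed names: eth1/eth2 and the 192.0.2.x/198.51.100.x gateways are placeholders.
DSL_IF="${DSL_IF:-eth1}"; DSL_GW="${DSL_GW:-192.0.2.1}"
T1_IF="${T1_IF:-eth2}";   T1_GW="${T1_GW:-198.51.100.1}"
LAN_NET="172.16.3.0/24"
STATE_FILE="${STATE_FILE:-/tmp/wan-active}"   # placeholder path; /var/run on a real box

# link_status IF GW -> prints "up" if the gateway answers two pings via IF, else "down".
link_status() {
  if ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1; then echo up; else echo down; fi
}

# choose_link DSL_STATUS T1_STATUS -> dsl | t1 | none
# DSL is preferred whenever it is reachable; T1 is only a fallback.
choose_link() {
  case "$1/$2" in
    up/*)    echo dsl ;;
    down/up) echo t1 ;;
    *)       echo none ;;
  esac
}

# nat_rules LINK -> prints the commands that make LINK the egress path.
# Flushing POSTROUTING and re-adding one MASQUERADE rule is the "flush the old,
# restore the new" step; the default route is replaced to match.
nat_rules() {
  case "$1" in
    dsl) ifc=$DSL_IF; gw=$DSL_GW ;;
    t1)  ifc=$T1_IF;  gw=$T1_GW ;;
    *)   return 1 ;;
  esac
  printf 'iptables -t nat -F POSTROUTING\n'
  printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE\n' "$LAN_NET" "$ifc"
  printf 'ip route replace default via %s dev %s\n' "$gw" "$ifc"
  # Existing conntrack entries keep their old NAT mapping until they expire;
  # on a real box you may also want: conntrack -F
}

# apply_link LINK -> runs the generated commands (needs root) and records the choice.
apply_link() {
  nat_rules "$1" | sh && echo "$1" > "$STATE_FILE"
}

# One poll cycle: only touch the rules when the chosen link actually changes,
# so a flapping modem does not rewrite NAT every minute.
poll_once() {
  want=$(choose_link "$(link_status "$DSL_IF" "$DSL_GW")" "$(link_status "$T1_IF" "$T1_GW")")
  have=$(cat "$STATE_FILE" 2>/dev/null || echo none)
  if [ "$want" != none ] && [ "$want" != "$have" ]; then
    logger -t wan-failover "switching egress from $have to $want"
    apply_link "$want"
  fi
}

# Run from cron (e.g. every minute): wan-failover.sh run
if [ "${1:-}" = run ]; then poll_once; fi
```

The same `nat_rules` output can be fed to a hook in `/etc/network/if-post-down.d/` instead of a cron poll; the poll catches the case the original post describes, where the modem link stays "up" but nothing beyond the gateway answers.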


