[ale] Odd network setup w/ iptables NAT routing
Michael B. Trausch
mike at trausch.us
Wed Jul 14 10:59:19 EDT 2010
On Wed, 2010-07-14 at 08:35 -0400, James Sumners wrote:
> I understood your situation to be that you have two external
> connections coming into the firewall 24/7. That is, DSL on eth0 and T1
> on eth1 (or whatever, I've never dealt with a T1).
That would be correct.
> I thought the "manual" part was all done at a keyboard. Now I
> understand that you have to unplug the DSL connection from the
> firewall and plug in the T1? If that's the case, well, I don't know
> what to suggest in regard to the two networks.
>
This is also correct. I'm just not sure that I understand what bridging
the two interfaces together would accomplish. Basically, I have the DSL
attached to eth0, the LAN attached to eth1, and the T1 line attached to
eth2. When packets stop going across eth0 (which I can adequately
determine by using "ping -c4 <default gateway> > /dev/null" and checking
the status code), I need to trigger a failover to the eth2 device. Of
course, I only had the light-bulb moment about checking the default
gateway late last night... the DSL modem provides the default gateway.
> I assume you're just power cycling the AT&T modem? I'm fairly positive
> that you will not be able to power cycle that thing remotely. I'd be
> shocked if AT&T offers anything that useful. You might look into a PCI
> modem[1]. Then you can remotely take the interface down and bring it
> back up via your dial-up connection.
To make things more complicated, this is something of a nonstandard
setup. I think that if I print out the whole configuration listing on
the advanced configuration page, I can probably mirror the
configuration. What I *don't* know about DSL is if you have to register
the device on the network before being able to use it. I know that at
least with cable modems, you have to have the network provider whitelist
the hardware address of the modem so that they will talk to it. Perhaps
since DSL authentication is done using PPPoE, that is different? I
don't know.
I will check into the PCI modem, though, because that would very likely
solve all of the issues that I have. I'll just need to figure out
exactly how they are tunneling the static IP addresses to me; the modem
picks up a dynamic address over PPPoE and then uses that to gateway the
static IP addresses. If everything works out perfectly with this, I
would be able to use all 6 addresses in the /29 that is allocated to us,
instead of giving up one for the modem... that would be nice.
Is it too much to expect of any service provider to just work and to
provide hardware that just works? I'm beginning to think that it is
indeed too much of an expectation.
--- Mike
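
The failover trigger described in the message above (ping the default gateway, check the exit status, switch from eth0 to eth2) can be sketched as follows. This is an added example, not part of the original post: the gateway addresses are documentation placeholders, the thresholds and function names are hypothetical, and it assumes NAT rules already exist for both uplinks so that only the default route has to move.

```shell
#!/bin/sh
# Added example: failover loop for eth0 (DSL) -> eth2 (T1).
# Addresses are placeholders; thresholds and names are assumptions.
PRIMARY_IF=eth0; PRIMARY_GW=192.0.2.1      # assumed DSL default gateway
BACKUP_IF=eth2;  BACKUP_GW=198.51.100.1    # assumed T1 gateway
FAIL_LIMIT=3       # consecutive failed probes before failing over
RECOVER_LIMIT=5    # consecutive good probes before failing back
STATE=primary; FAILS=0; OKS=0; ACTION=none

# The probe from the message: exit status 0 means the gateway answered.
probe() { ping -c4 "$PRIMARY_GW" > /dev/null 2>&1; }

# Feed one probe status (0 = ok, non-zero = failed) into the state machine.
# Sets ACTION to failover, failback or none; counters damp link flapping.
step() {
    if [ "$1" -eq 0 ]; then
        FAILS=0; OKS=$((OKS + 1))
        if [ "$STATE" = backup ] && [ "$OKS" -ge "$RECOVER_LIMIT" ]; then
            STATE=primary; OKS=0; ACTION=failback; return
        fi
    else
        OKS=0; FAILS=$((FAILS + 1))
        if [ "$STATE" = primary ] && [ "$FAILS" -ge "$FAIL_LIMIT" ]; then
            STATE=backup; FAILS=0; ACTION=failover; return
        fi
    fi
    ACTION=none
}

# Point the default route at an uplink ($1 = gateway, $2 = interface).
# With DRY_RUN=1 the command is printed instead of executed.
switch_route() {
    cmd="ip route replace default via $1 dev $2"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
}

# Only loop when started with the argument "run".
if [ "${1:-}" = run ]; then
    while :; do
        if probe; then step 0; else step 1; fi
        case $ACTION in
            failover) switch_route "$BACKUP_GW" "$BACKUP_IF" ;;
            failback) switch_route "$PRIMARY_GW" "$PRIMARY_IF" ;;
        esac
        sleep 10
    done
fi
```

Start the loop by passing `run` as the only argument; set `DRY_RUN=1` first to see the route commands without applying them.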