Size: 2500
Comment:
|
Size: 5080
Comment:
|
Deletions are marked like this. | Additions are marked like this. |
Line 34: | Line 34: |
I have an expensive premium internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will just add a second default route and ruin your day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (why this will not work is away beyond this document purpose). | I have an expensive premium internet connection at the office, but want to have also a cheap broadband cable connection for backup and download acceleration. Just plugging a second NIC and connecting it to cable modem will not work: DHCP will add a second default route and ruin my day because the ISP #1 will not route packets with ISP #2 source address and vice-versa (why this will not work is away beyond this document purpose). For the unexperienced network administrator this is hard to diagnose because sometimes it seems to work, and sometimes not. |
Line 36: | Line 36: |
Linux with iproute2 have up to 255 distinct routing tables. We are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables. | Linux with iproute2 has up to 255 distinct routing tables. Wue are going to create a new routing table with default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables. |
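Review bot: the right-hand side of Line 36 introduces a typo, "Wue are going to create", where the previous revision read "We are going to create"; restore "We". While editing this sentence, "with default route" would read better as "with a default route".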
Line 38: | Line 38: |
1. Edit your /etc/iproute2/rt_tables to add a line naming your routing table. You will end up with something like: | Supposing we have three NICs: |
Line 40: | Line 40: |
{{# | * eth0: fixed IP addres connected to main Internet link with 200.123.123.106/255.255.255.240 address * eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address * eth2: connected to the broadband backup link with dynamic address 1. Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it naything, I prefer the ISP name. We will end up with something like: {{{# |
Line 51: | Line 57: |
2 ISP2}} | 2 ISP2}}} 2. We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting removing or commenting out ''domain-name'', ''domain-name-servers'', ''host-name'', ''netbios-name-servers'' and ''netbios-scope''. 3. Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed: {{{if [ x$reason == 'xBOUND' ]; then # Lets flush our new routing table /sbin/ip route flush table ISP2 # Stop marking packets /sbin/iptables -F PREROUTING -t mangle # Flush routing rules /usr/local/sbin/flush_rules.pl # Cable modem will give us a private IP # when link is down. prefixo=`echo $teste | cut -d . -f 1-2` if [ x$prefixo == 'x192.168' ]; then exit fi # Copy NIC routes at main routing table: /sbin/ip route add 200.123.123.104/29 dev eth0 table ISP2 /sbin/ip route add 10.1.0.0/24 dev eth1 table ISP2 # Advanced rules /sbin/ip rule add from $new_ip_address table ISP2 /sbin/ip rule add fwmark 0x2 table ISP2 # Mark HTTP packages we want to send through ISP2 /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 443 -j MARK --set-mark 2 /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 80 -j MARK --set-mark 2 fi # We dont want a default route to this gateway at the main table, # so we undefine $new_routers. isp2_gateway=$new_routers new_routers="" }}} 4. Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed: {{{ if [ x$reason == 'xBOUND' ]; then # Cant be done at dhclient-enter-hooks time my_new_network=`ipcalc -n $new_ip_address/$new_subnet_mask | grep Network | cut -b 12-32` /sbin/ip route add $my_new_network dev $interface table ISP2 /sbin/ip route add default via $isp2_gateway table ISP2 # Should we restar squid to bind to the new interface? /etc/init.d/squid restart fi }}} |
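Review bot: in the dhclient-enter-hooks.d script, the link-down check builds prefixo from $teste, which nothing in the hook sets, so the prefix is always empty and the comparison with 'x192.168' can never match; it looks like it should read $new_ip_address. In the same hook, the route 200.123.123.104/29 does not agree with the eth0 mask 255.255.255.240 given in the NIC list (that mask is a /28), so one of the two needs correcting. "iptables -F PREROUTING -t mangle" flushes every rule in that chain, not only the two MARK rules added further down; a dedicated chain would keep other mangle rules intact. $new_ip_address, $new_routers, $new_subnet_mask and $interface are used unquoted in commands run as root, and the first three come from the DHCP server, so quote them. Smaller points: "naything", "addres" and "restar" are typos, and the comment "Mark HTTP packages" should say packets.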
This page describes how you can set up more than one Internet connection on the same machine.
Introduction
In many situations it is desirable to have more than one connection to the Internet:
- for backup purposes
- to redirect bulk traffic through a less expensive link
- to split traffic between many links
If all your Internet connections have fixed IP addresses, perhaps your questions are already answered by the [http://lartc.org/howto/ "Advanced Routing HowTo"].
This guide aims to help you set up your network to use more than one Internet connection when one or more links use a dynamic IP address.
Prerequisites
For this to work you should install:
- iproute2
- iptables
- ipcalc
- dhcp3-client
Secret Sauce
The secret is to use the hooks provided by dhclient-script to set up advanced routing for you. You can modify the standard behavior by adding your own custom scripts to the folders dhclient-enter-hooks.d and dhclient-exit-hooks.d at /etc/dhcp3/ (man dhclient-script).
There is a debug script which is very useful for showing the information that is available to your scripts. Just edit the scripts in these folders, changing RUN="no" to RUN="yes", and you will have useful debug information logged to /tmp/dhclient-script.debug.
Case #1: fixed-address premium link + cheap broadband connection
I have an expensive premium internet connection at the office, but also want a cheap broadband cable connection for backup and download acceleration. Just plugging in a second NIC and connecting it to the cable modem will not work: DHCP will add a second default route and ruin my day, because ISP #1 will not route packets with an ISP #2 source address and vice versa (why this will not work is well beyond the scope of this document). For the inexperienced network administrator this is hard to diagnose, because sometimes it seems to work and sometimes not.
Linux with iproute2 has up to 255 distinct routing tables. We are going to create a new routing table with a default route pointing to the second ISP and use iproute2 rules to conditionally select between routing tables.
Supposing we have three NICs:
- eth0: fixed IP address, connected to the main Internet link, with address 200.123.123.106/255.255.255.240
- eth1: connected to our internal network with 10.1.0.254/255.255.255.0 address
- eth2: connected to the broadband backup link with dynamic address
- Edit /etc/iproute2/rt_tables to add a line naming your routing table. You can call it anything; I prefer the ISP name. We will end up with something like:
{{{
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
2       ISP2
}}}
- We don't want dhclient messing with our nameserver setup at /etc/resolv.conf. To prevent this, edit /etc/dhcp3/dhclient.conf and change the request setting, removing or commenting out domain-name, domain-name-servers, host-name, netbios-name-servers and netbios-scope.
- Create a file at /etc/dhcp3/dhclient-enter-hooks.d, call it dualhomed:
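{{{
if [ "x$reason" = 'xBOUND' ]; then
    # Let's flush our new routing table
    /sbin/ip route flush table ISP2
    # Stop marking packets
    /sbin/iptables -F PREROUTING -t mangle
    # Flush routing rules (local helper script, not shown on this page)
    /usr/local/sbin/flush_rules.pl

    # Cable modem will give us a private IP
    # when link is down.
    # dhclient passes the leased address in $new_ip_address.
    prefixo=`echo "$new_ip_address" | cut -d . -f 1-2`
    if [ "x$prefixo" = 'x192.168' ]; then
        # Hook files are sourced, so this ends the whole dhclient-script run.
        exit
    fi

    # Copy NIC routes at main routing table:
    /sbin/ip route add 200.123.123.104/29 dev eth0 table ISP2
    /sbin/ip route add 10.1.0.0/24 dev eth1 table ISP2

    # Advanced rules
    /sbin/ip rule add from "$new_ip_address" table ISP2
    /sbin/ip rule add fwmark 0x2 table ISP2

    # Mark HTTP packets we want to send through ISP2
    /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 443 -j MARK --set-mark 2
    /sbin/iptables -I PREROUTING -t mangle -s 10.1.0.0/24 -i eth1 -p tcp --dport 80 -j MARK --set-mark 2
fi

# We don't want a default route to this gateway at the main table,
# so we undefine $new_routers.
isp2_gateway=$new_routers
new_routers=""
}}}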
- Create a file at /etc/dhcp3/dhclient-exit-hooks.d, call it dualhomed:
{{{
if [ "x$reason" = 'xBOUND' ]; then
    # Can't be done at dhclient-enter-hooks time
    my_new_network=`ipcalc -n "$new_ip_address/$new_subnet_mask" | grep Network | cut -b 12-32`
    # $my_new_network stays unquoted: the fixed-width cut may leave trailing padding on it
    /sbin/ip route add $my_new_network dev "$interface" table ISP2
    /sbin/ip route add default via "$isp2_gateway" table ISP2
    # Should we restart squid to bind to the new interface?
    /etc/init.d/squid restart
fi
}}}
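The two hooks run as root on values supplied by the DHCP server ($new_ip_address, $new_subnet_mask, $new_routers), and they rely on a fixed 192.168 prefix test and on byte offsets in ipcalc output. The following is an added example, not part of the original page: three helper functions (the names valid_ipv4, is_rfc1918 and network_cidr are hypothetical) that validate an address before it reaches ip or iptables, extend the link-down test to all RFC 1918 ranges, and compute the network/prefix without parsing ipcalc. It assumes the second ISP never hands out a private address while the link is up.

```shell
#!/bin/sh
# Added example: helper functions for the dualhomed hooks (hypothetical names).
# Each body is a subshell "( ... )" so IFS and variables do not leak into
# dhclient-script, which sources the hook files.

# valid_ipv4 ADDR: true only for a dotted quad, octets 0-255, no leading zeros.
valid_ipv4() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# is_rfc1918 ADDR: true for 10/8, 172.16/12 and 192.168/16.
is_rfc1918() (
    valid_ipv4 "$1" || exit 1
    IFS=.
    set -- $1
    case "$1" in
        10)  exit 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   exit 1 ;;
    esac
)

# network_cidr ADDR MASK: print "network/prefixlen"; fail on a bad mask.
network_cidr() (
    valid_ipv4 "$1" && valid_ipv4 "$2" || exit 1
    addr=$1 mask=$2 bits=0 full=1
    IFS=.
    set -- $addr $mask
    for m in "$5" "$6" "$7" "$8"; do
        case "$m" in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) exit 1 ;;
        esac
        # Contiguous masks only: after a partial octet, only 0 may follow.
        [ "$full" -eq 1 ] || [ "$n" -eq 0 ] || exit 1
        [ "$n" -eq 8 ] || full=0
        bits=$((bits + n))
    done
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$bits"
)
```

For the eth0 address above, network_cidr 200.123.123.106 255.255.255.240 prints 200.123.123.96/28, which is worth comparing with the 200.123.123.104/29 route hard-coded in the enter hook.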