What should seem like an easy thing to do has proven to be more
elusive than anticipated. Perhaps it is the glut of information
with often contradictory or piecemeal information. I am
looking to set up a machine that has 1 NIC, with multiple default gateways.
By ‘multiple’ I mean two. The issue I have is that when I get an inbound
request to the box from network B, it tries to go out A, and B never
receives a response, because the box only knows about gateway A. I need
it to be able to receive and reply to requests from both gateways.
Thanks for any assistance.
So I don’t know where these two routers go or their actual addresses, but have you considered just setting up router A as your office/home default gateway and router B as the default gateway for router A? Unless you are trying to have a backup router, I am not sure what else to do here.
Thank You,
Your subject and request are probably wrong. Working within two networks
may require two logical gateways, but a system only has one default gateway
as it is the last-chance, nothing-else-applies,
help-before-an-error-is-thrown gateway. If you are having routing
problems between networks you need to define a network route for the two
networks to be set up properly. With that said it would be interesting to
see exactly how your box is set up and have a detailed description of
exactly what does and does not work. Start with the output from the
following:
ip addr sh
ip route sh
ip -s link
Good luck.
On 09/07/2010 01:56 PM, GofBorg wrote:
> What should seem like an easy thing to do has proven to be more
> elusive than anticipated. Perhaps it is the glut of information
> with often contradictory or piecemeal information. I am
> looking to set up a machine that has 1 NIC, with multiple default gateways.
> By ‘multiple’ I mean two. The issue I have is that when I get an inbound
> request to the box from network B, it tries to go out A, and B never
> receives a response, because the box only knows about gateway A. I need
> it to be able to receive and reply to requests from both gateways.
> Thanks for any assistance.
>
>
I have a box with one NIC.
I have 2 ISPs. I would like to route internet traffic
via both ISPs to the same box. It’s a classic case of needing
a failover circuit. I can route in and out from 1 ISP without
problem, but when the second ISP is employed, information comes in,
but then tries to flow back out of the network defined by the default
gateway. In order to get traffic going out over the ‘backup’ ISP, I have
to manually switch the default gateway. I do not want to have
to toss in another NIC, as it complicates the software side of the equation.
Pretty much easier just to manually change the IP if I had to do that, but
would be nice if it could be transparent. I have the DNS portion covered,
just need to sort out the routing.
So for instance say network is like this:
Internal IP: 192.168.1.20
Default GW: 192.168.1.1
(Firewall 1)
Internal IP: 192.168.1.1
External IP Network 1: 213.160.129.20
(Firewall 2)
Internal IP: 192.168.1.2
External IP Network 2: 213.170.129.20
Both External IPs route to the Internal IP via separate firewalls
doing NAT. Somewhere I read that you could do a route add default and
simply add in a second default gateway, but it doesn’t seem to work.
These IPs are bogus for those playing along.
> Your subject and request are probably wrong. Working within two networks
> may require two logical gateways, but a system only has one default gateway
> as it is the last-chance, nothing-else-applies,
> help-before-an-error-is-thrown gateway. If you are having routing
> problems between networks you need to define a network route for the two
> networks to be set up properly. With that said it would be interesting to
> see exactly how your box is set up and have a detailed description of
> exactly what does and does not work. Start with the output from the
> following:
>
> ip addr sh
> ip route sh
> ip -s link
>
> Good luck.
>
>
>
> On 09/07/2010 01:56 PM, GofBorg wrote:
>> What should seem like an easy thing to do has proven to be more
>> elusive than anticipated. Perhaps it is the glut of information
>> with often contradictory or piecemeal information. I am
>> looking to set up a machine that has 1 NIC, with multiple default
>> gateways. By ‘multiple’ I mean two. The issue I have is that when I get
>> an inbound request to the box from network B, it tries to go out A,
>> and B never receives a response, because the box only knows about gateway
>> A. I need it to be able to receive and reply to requests from both
>> gateways. Thanks for any assistance.
>>
>>
> So I don’t know where these two routers go or their actual addresses,
> but have you considered just setting up router A as your office/home
> default gateway and router B as the default gateway for router A?
> Unless you are trying to have a backup router, I am not sure what else
> to do here.
>
> Thank You,
Thanks.
Please see response to ab.
Okay, that makes a little more sense as to why things are not working if I am
understanding you correctly.
Your SUSE box has no clue what is going on beyond 192.168.1.1 so you need
to work with your router manufacturer to figure out how/if this can be
done. The tricky thing here is that routing (on a host) is defined by a
routing table. Your SUSE box only has one network route (192.168.1.*
probably, set to go out eth0 probably) and then a default route (0.0.0.0
should go out eth0 destined for 192.168.1.1 which is the default route)
for everything else. As 216.160 and 216.170 are both “everything else”
they both go to the router (as will everything that is not on your private
network).
On your router side (with the two connections to the two ISPs) routing is
probably working the same way but maybe there is a way to configure your
router to send data out using the same socket on which it came in.
Basically data coming from your SUSE box (192.168.1.20) are going out to
the world, which, unless a more-specific route exists on your router
(for one of your two ISPs specifically and explicitly), means the default
route. This is fine for data going out and then coming back in but not so
great for data coming in and then going back out as the incoming data (as
known by the remote box) goes to one IP and the responding data comes from
another IP which is seen as unsolicited traffic.
So how do you fix this? Somehow your router (which I assume is not a SUSE
box, but correct me if that is an invalid assumption) needs to know that
data coming in from a certain IP and port needs to go back out via the
same interface when going back out to that same IP and port. Maybe
routers can do this, but I’m not familiar enough with how that
configuration would work to know for sure. It feels a bit like
masquerading but with a twist of confusion.
If the SUSE box actually does have all of these addresses bound somehow we
still need the output from those previous commands.
Good luck.
On 09/07/2010 02:41 PM, GofBorg wrote:
> I have a box with one NIC.
>
> I have 2 ISPs. I would like to route internet traffic
> via both ISPs to the same box. It’s a classic case of needing
> a failover circuit. I can route in and out from 1 ISP without
> problem, but when the second ISP is employed, information comes in,
> but then tries to flow back out of the network defined by the default
> gateway. In order to get traffic going out over the ‘backup’ ISP, I have
> to manually switch the default gateway. I do not want to have
> to toss in another NIC, as it complicates the software side of the equation.
> Pretty much easier just to manually change the IP if I had to do that, but
> would be nice if it could be transparent. I have the DNS portion covered,
> just need to sort out the routing.
>
> So for instance say network is like this:
>
> Internal IP
>
> 192.168.1.20
> Default GW 192.168.1.1
>
> (Firewall 1)
> Internal IP
> 192.168.1.1
> External IP Network 1
> 213.160.129.20
>
> (Firewall 2)
> Internal IP
> 192.168.1.2
> External IP Network 2
> 213.170.129.20
>
> Both External IPs route to the Internal IP via separate firewalls
> doing NAT. Somewhere I read that you could do a route add default and
> simply add in a second default gateway, but it doesn’t seem to work.
>
> These IPs are bogus for those playing along.
>
> Your subject and request are probably wrong. Working within two networks
> may require two logical gateways, but a system only has one default gateway
> as it is the last-chance, nothing-else-applies,
> help-before-an-error-is-thrown gateway. If you are having routing
> problems between networks you need to define a network route for the two
> networks to be set up properly. With that said it would be interesting to
> see exactly how your box is set up and have a detailed description of
> exactly what does and does not work. Start with the output from the
> following:
>
> ip addr sh
> ip route sh
> ip -s link
>
> Good luck.
>
>
>
> On 09/07/2010 01:56 PM, GofBorg wrote:
>>>> What should seem like an easy thing to do has proven to be more
>>>> elusive than anticipated. Perhaps it is the glut of information
>>>> with often contradictory or piecemeal information. I am
>>>> looking to set up a machine that has 1 NIC, with multiple default
>>>> gateways. By ‘multiple’ I mean two. The issue I have is that when I get
>>>> an inbound request to the box from network B, it tries to go out A,
>>>> and B never receives a response, because the box only knows about gateway
>>>> A. I need it to be able to receive and reply to requests from both
>>>> gateways. Thanks for any assistance.
>>>>
>>>>
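The routing-table behaviour ab describes in the last reply, as an added example that is not part of the original thread: a small Python model of the host's destination-based route lookup, using the (bogus) addresses GofBorg posted. The client address 198.51.100.7, the function names, and the simplification that a reply leaving through a firewall carries that firewall's external address are assumptions made for illustration.

```python
import ipaddress

# Host routing table as ab describes it: one connected network, one default route.
# Addresses are the bogus ones GofBorg posted for host 192.168.1.20.
ROUTES = [
    ("192.168.1.0/24", None),          # on-link via eth0
    ("0.0.0.0/0", "192.168.1.1"),      # default gateway = firewall 1
]
# Internal firewall address -> external address it NATs for the host.
FIREWALLS = {
    "192.168.1.1": "213.160.129.20",   # firewall 1, ISP 1
    "192.168.1.2": "213.170.129.20",   # firewall 2, ISP 2
}


def next_hop(dst, routes=ROUTES):
    """Longest-prefix match on the destination only; returns the gateway,
    or dst itself when the destination is on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst


def reply_path(client, contacted_external, routes=ROUTES):
    """Trace the reply to a connection the client opened to contacted_external.
    The lookup never considers which firewall the request arrived through."""
    gw = next_hop(client, routes)
    seen_source = FIREWALLS[gw]        # assumed: reply leaves with this firewall's address
    return {
        "gateway": gw,
        "source_seen_by_client": seen_source,
        "accepted": seen_source == contacted_external,
    }


if __name__ == "__main__":
    client = "198.51.100.7"            # constructed remote client (documentation range)
    for external in FIREWALLS.values():
        print(external, reply_path(client, external))
    # Manually switching the default gateway, as GofBorg does, only moves the problem.
    swapped = [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.2")]
    for external in FIREWALLS.values():
        print("swapped", external, reply_path(client, external, swapped))
```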