[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Redundant link in FreeBSD
Thanks Brian. I will try it as soon as I find someone to script for me
the automated default route swing.
Cheers,
On 30 Apr 2003 at 14:24, Brian Candler wrote:
> On Wed, Apr 30, 2003 at 10:02:21AM +0200, antonio at nambu.uem.mz wrote:
> > Does anyone know whether it is possible to have a dial-up link
> > setup on a freebsd machine which is acting as a proxy between a
> > local network and an ISP connected by a leased line so that when
> > the leased line fails the freebsd machine can automatically call
> > through the dialup to the same ISP?
> ...
> > The FreeBSD machine is running NAT, has two network cards, is
> > connected to the Internet via a leased line, it is FreeBSD 4.7.
>
> My home machine used to do something very similar:
>
> modem -//-> dialup
> |
> fxp0 | fxp1
> -------------------- FreeBSD Box ------------- DSL router ----> ISP
> LAN/private IPs public IPs
>
> My only concern was to provide continued Internet access to the LAN machines
> on private IPs if the DSL line failed; I made no attempt to reroute the
> public IPs. The dial-up account that I used was just a normal ISP account
> with a dynamic IP.
>
> Essentially, you just configure NAT on both outbound interfaces (say fxp1
> and ppp0). With ipfw and userland ppp you end up with two separate NAT
> instances: natd for the ethernet, and userland ppp doing the NAT. Personally
> I find this sort of setup much easier with ipfilter, where you can configure
> NAT on multiple interfaces without ever having to mess with multiple natd
> instances.
>
> So, packets which go out of ppp0 are NAT'd to ppp0's local address, and
> packets which go out of fxp1 are NAT'd to fxp1's IP address.
>
> The only thing you need to do, then, is swing the default route
> appropriately. I left this as a manual process, because I did not want my
> phone line to be used while I was not around. However in principle you could
> ping (on fxp1) the IP address of the next-hop router at the ISP, with a TTL
> of 1. If this fails then you can remove defaultroute and bring up the ppp
> link. When it works again then you can kill ppp and put back the old
> defaultroute. So it needs a bit of scripting to be done automatically.
>
> One note: with dynamic IPs, you need to run 'ipf -y' after the PPP interface
> has been brought up, to let ipfilter know about the interface IP address
> changes. You can put this in /etc/ppp/ip-up
>
> Regards,
>
> Brian.
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org