Date:      Sat, 13 Jul 2002 08:48:43 -0700
From:      "Chris McCluskey" <chrism@quantumsol.com>
To:        "Josh Paetzel" <friar_josh@webwarrior.net>
Cc:        <freebsd-questions@freebsd.org>
Subject:   RE: How do I do I decide the best route between two gateways
Message-ID:  <NIEPJAOGGDJEAPOOENIOOELBCAAA.chrism@quantumsol.com>
In-Reply-To: <20020713101213.C284@twincat.vladsempire.net>


> > I have a FreeBSD firewall box and attached to it are two external gateways
> > (one from a DSL connection, the other from a T1). Basically I want the T1
> > link to be the primary link (the default gateway) for the LAN, but I would
> > like to use the DSL link as a failover link. I also have legacy services
> > that require the DSL connection (as I'm not prepared to move those services
> > over to the T1 at this time). In doing some research it looks like routed is
> > the way to go, but it doesn't look like I'm getting any RIP or IRDP messages
> > back from the gateways (even though I have explicitly allowed UDP 520, all
> > ICMP traffic, and IGMP through the firewall to be safe [or unsafe as the case
> > may be])-- at least I see no evidence of this (netstat shows no new gateways
> > and routed -t just shows the repopulation of the local subnet routes). Are
> > there other better options?
> >
> > One of the main problems I'm having is that to get data to flow over the T1
> > circuit, I have to change the static default route from the DSL connection
> > to the T1. This is fine since all connections on the T1 then operate as
> > expected. But after switching the default gateway, the incoming connections
> > (example SMTP) no longer work. In taking a look at the firewall rules, the
> > packet is successfully received, but lacks a valid route back out the
> > system.
> >
> > The same thing happens in reverse (if I switch the default route from the T1
> > to the DSL) the DSL connections work fine, but then requests to the T1 fail
> > due to a lack of a good route.
> >
> > Any ideas?
> >
> > Thanks.
>
>
> In order for routed to work you are going to need something attached
> to your network that can speak RIP and is aware of both of your
> internet connections.  A Cisco 26xx is capable of this, but it's
> also capable of doing packet level routing, so you wouldn't need to
> worry about multiple routes in your BSD box.  You wouldn't need two
> nics for your inet connection, either.
>
> As it sits right now, your router on your T1 has no clue your DSL
> exists, so why would it even try to broadcast dynamic routing info
> for it?  From its point of view it's the only way out to the
> world.  Funny thing, but the router on your DSL is thinking the same
> way.
>
> I've yet to overcome the problem of a static default route when
> trying to use two internet connections on a FreeBSD box.  (Unless a
> big box with Cisco on the side was performing voodoo on them)
>
> If anyone knows a way to make FreeBSD do what he wants, I'm all ears
> as well.

Does this apply to LAN gateway failover too!?

I'm aware that I can't have failover correction on the external (Internet)
side of the circuits since neither really has any info on the other, and
can't adjust routing to accommodate.

So I'm looking at a different two-layer scenario here --

The local FreeBSD box should be able to extrapolate that a connection has
failed and readjust the "best route" to use the functional WAN gateway --
this would allow natd-ed LAN data back onto the Internet.

And if I'm really lucky keep the active services on the DSL connection
stable at the same time by saying, "this request was made on this interface,
so the best routing decision is to reply back on the same interface" (even if
the connection has failed -- because if the connection has failed, people
won't be connecting to it <grin>)?!

<sarcastic>Not asking for much eh?</sarcastic>

Does anyone know if Zebra would work for this
(http://www.zebra.org/docs.html)? It is still pretty BETA but if it works
I'll take it!

Thank you.
