
Re: Redundant link in FreeBSD



On Wed, Apr 30, 2003 at 10:02:21AM +0200, antonio at nambu.uem.mz wrote:
> Does anyone know whether it is possible to have a dial-up link 
> setup on a freebsd machine which is acting as a proxy between a 
> local network and an ISP connected by a leased line so that when 
> the leased line fails the freebsd machine can automatically call 
> through the dialup to the same ISP?
...
> The FreeBSD machine is running NAT, has two network cards, is 
> connected to the Internet via a leased line, it is FreeBSD 4.7.

My home machine used to do something very similar:

                            modem -//-> dialup
                              |
                    fxp0      |      fxp1
    -------------------- FreeBSD Box ------------- DSL router ----> ISP
     LAN/private IPs                  public IPs

My only concern was to provide continued Internet access to the LAN machines
on private IPs if the DSL line failed; I made no attempt to reroute the
public IPs. The dial-up account that I used was just a normal ISP account
with a dynamic IP.

Essentially, you just configure NAT on both outbound interfaces (say fxp1
and ppp0). With ipfw and userland ppp you end up with two separate NAT
instances: natd for the ethernet, and userland ppp doing the NAT. Personally
I find this sort of setup much easier with ipfilter, where you can configure
NAT on multiple interfaces without ever having to mess with multiple natd
instances.

So, packets which go out of ppp0 are NAT'd to ppp0's local address, and
packets which go out of fxp1 are NAT'd to fxp1's IP address.

The only thing you need to do, then, is swing the default route
appropriately. I left this as a manual process, because I did not want my
phone line to be used while I was not around. However in principle you could
ping (on fxp1) the IP address of the next-hop router at the ISP, with a TTL
of 1. If this fails then you can remove defaultroute and bring up the ppp
link. When it works again then you can kill ppp and put back the old
defaultroute. So it needs a bit of scripting to be done automatically.

One note: with dynamic IPs, you need to run 'ipf -y' after the PPP interface
has been brought up, to let ipfilter know about the interface IP address
changes. You can put this in /etc/ppp/ip-up.

Regards,

Brian.
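
The "bit of scripting" described in the message above, as an added example that is not part of the original post: a watchdog that probes the next-hop router with TTL 1 and swings the default route only after several consecutive results. The gateway address, the ppp profile name `isp`, the thresholds and the use of FreeBSD's `ping -m`/`-t` flags are assumptions.

```sh
#!/bin/sh
# Added example: swing the default route between leased line and dial-up.
GATEWAY="${GATEWAY:-192.0.2.1}"    # ISP next-hop router via fxp1 (placeholder)
PPP_PROFILE="${PPP_PROFILE:-isp}"  # hypothetical profile in /etc/ppp/ppp.conf
FAIL_LIMIT=3    # consecutive lost probes before dialing
OK_LIMIT=5      # consecutive answered probes before hanging up
INTERVAL=10     # seconds between probes

# One echo request with TTL 1 (FreeBSD ping: -m ttl, -t timeout). The gateway
# is on the connected fxp1 subnet, so the probe never rides the dial-up path.
probe() { ping -q -c 1 -t 2 -m 1 "$GATEWAY" >/dev/null 2>&1; }

# decide STATE FAILS OKS RESULT -> prints "STATE FAILS OKS ACTION".
# Requiring runs of results keeps a single lost packet from dialing out.
decide() {
    state=$1; fails=$2; oks=$3; action=none
    if [ "$4" = ok ]; then
        fails=0; oks=$((oks + 1))
        if [ "$state" = dialup ] && [ "$oks" -ge "$OK_LIMIT" ]; then
            state=leased; oks=0; action=failback
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$state" = leased ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
            state=dialup; fails=0; action=failover
        fi
    fi
    echo "$state $fails $oks $action"
}

failover() {   # the ppp profile is assumed to contain "add default HISADDR"
    route delete default
    ppp -background "$PPP_PROFILE"
}
failback() {   # hang up, then put back the leased-line default route
    killall ppp
    route delete default 2>/dev/null; route add default "$GATEWAY"
}

monitor() {
    state=leased; fails=0; oks=0
    while :; do
        if probe; then result=ok; else result=fail; fi
        set -- $(decide "$state" "$fails" "$oks" "$result")
        state=$1; fails=$2; oks=$3
        case $4 in failover) failover ;; failback) failback ;; esac
        sleep "$INTERVAL"
    done
}
if [ "${1:-}" = run ]; then monitor; fi
```

Started as root with the argument `run`, it loops forever; without an argument it only defines the functions.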

-----
This is the afnog mailing list, managed by Majordomo 1.94.5