ashanderson
Technical User
Our company has decided to employ a DSL line as a redundant/fault tolerant link to go with our T1 line. We have decided to use Linux as our router and we are using SuSE 7.2 Pro.
What we want to do is have the Linux Router sit between our T1 router and VPN box with the DSL line interfacing directly with it. So there would be 3 networks. Ideally we would have VPN (business critical) traffic from the LAN route down the T1 line, and all HTTP and HTTPS traffic route down the slower DSL line. In the event of the T1 line failing (or DSL line) all traffic should automatically be routed down the remaining link.
So effectively we end up with 2 routes to the Internet from our LAN.
However, I have struggled to get multiple routes working in testing: I have a Linux router configured with three interfaces (NICs):
A. 192.168.1.220/24 connected to PC1 192.168.1.240/24
B. 192.168.1.230/24 connected to the LAN 192.168.1.0/24
C. 10.100.100.1/24 connected to PC2 10.100.100.10/24
The default gateway on the LAN points to the LAN router.
- From the router I can PING the LAN (any PC/device), both PCs and reach the Internet.
- From PC1 I can PING the router's three interfaces, any PC on the LAN and PC2 plus reach the Internet.
- From PC2 I can PING the router's three interfaces and PC1 BUT I cannot ping anything on the LAN or reach the Internet.
This is the problem I have to resolve. I realize that my success with PC1 may be because it is on the same logical subnet (although not the same physical network).
I have IP Forwarding switched on in the kernel but this hasn't helped. I have tried to set up a separate lookup table for 10.100.100.0 using IP ROUTE and then setting static routes to the LAN network in that table - without success.
So, what is the best way of creating multiple routes so any PC on any network can reach any other network attached to the router? Can this be done? Do I need to use IP Masquerading or NAT? I've read about IPTables and Netfilter but don't know where to start...
Once I have figured this out I'll look into the packet shaping abilities of Linux.
Any advice = much appreciation. thanks.