At the office we have a server with a single $SERVER_IF having a local IP address $SERVER_IP_MAIN=192.168.1.12/24 behind an ADSL router $ROUTER_MAIN with a static external IP address from $ISP_MAIN. Everything works fine; incoming and outgoing connections pass through without any issues.
Now, we got another connection to a different $ISP_BACKUP for fallback purposes using $ROUTER_BACKUP. I don't need any load balancing; all outgoing connections should still go through $ISP_MAIN, I just want to ensure that any incoming connections through $ISP_BACKUP are routed through $ROUTER_BACKUP.
I tried to follow some generic advice using ip route and ip rule, but I must be doing something wrong. (My main source: http://lartc.org/howto/lartc.rpdb.multiple-links.html)
The current setup is as follows:
server has:
    $SERVER_IF=eth0 with address $SERVER_IP_MAIN=192.168.1.12/24
    $SERVER_IF:0=eth0:0 with address $SERVER_IP_BACKUP=192.168.252.12/24 # pseudo interface
$ROUTER_MAIN has:
    $ROUTER_MAIN_IP=192.168.1.254/24
$ROUTER_BACKUP has:
    $ROUTER_BACKUP_IP=192.168.252.1/24
Using tcpdump on the server, I verified that $ROUTER_BACKUP is set up correctly since packets coming through $ISP_BACKUP are being delivered to $SERVER_IP_BACKUP, but I assume that the replies are being routed through $ISP_MAIN because I can't establish a connection from an external server:
12:54:06.950853 IP 178.128.57.39.dsl.dyn.forthnet.gr.57987 > 192.168.252.12.5631: Flags [S], seq 2240370501, win 5840, options [mss 1452,sackOK,TS val 471912856 ecr 0,nop,wscale 4], length 0
12:54:06.950903 IP 192.168.252.12.5631 > 178.128.57.39.dsl.dyn.forthnet.gr.57987: Flags [S.], seq 2209117020, ack 2240370502, win 14480, options [mss 1460,sackOK,TS val 215023497 ecr 471912556,nop,wscale 4], length 0
Note that $ROUTER_BACKUP does not do a SNAT, since the server receives packets with the original outside-world source IP address.
How can I implement what is needed? (i.e. connections through $ISP_BACKUP to be routed through $ROUTER_BACKUP)
Well, given the setup, all that was needed was to:
    backup in /etc/iproute2/rt_tables
    ip route add 192.168.252.0/24 dev eth0:0 src 192.168.252.12 table backup (local network for fallback purposes)
    ip route add default via 192.168.252.1 table backup (its default route)
    ip rule add from 192.168.252.12 lookup backup (use it when replying from $SERVER_IP_BACKUP)
I must have somehow botched that final line earlier.
After all of the above:
    ip route flush table cache
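The steps from the answer above, written as a re-runnable script that also asks the kernel which gateway a reply from $SERVER_IP_BACKUP would take. This is an added example, not the poster's own script. Table id 200, rule priority 1000 and the probe address 203.0.113.10 are assumptions, and the route names eth0 because eth0:0 is an address label on that device.

```shell
#!/bin/sh
# Added example. Addresses and the table name "backup" come from the post;
# table id 200, priority 1000 and PROBE (documentation range) are assumptions.
SERVER_IF=eth0            # eth0:0 is a label on eth0, so routes name eth0
BACKUP_NET=192.168.252.0/24
BACKUP_SRC=192.168.252.12
BACKUP_GW=192.168.252.1
PROBE=203.0.113.10

# Print the next hop (the address after "via") from `ip route get` output.
route_gateway() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }'
}

# Succeed only if that output shows the reply leaving through $BACKUP_GW.
reply_uses_backup() {
    [ "$(route_gateway "$1")" = "$BACKUP_GW" ]
}

# Apply the answer's steps; a second run changes nothing (needs root).
apply_backup_return_path() {
    grep -qE '^[0-9]+[[:space:]]+backup$' /etc/iproute2/rt_tables ||
        echo '200 backup' >> /etc/iproute2/rt_tables
    ip route replace "$BACKUP_NET" dev "$SERVER_IF" src "$BACKUP_SRC" table backup
    ip route replace default via "$BACKUP_GW" table backup
    ip rule list | grep -qF "from $BACKUP_SRC lookup backup" ||
        ip rule add from "$BACKUP_SRC" lookup backup priority 1000
    ip route flush cache
}

# Ask the kernel which way a packet sourced from $BACKUP_SRC would go.
verify_backup_return_path() {
    reply_uses_backup "$(ip -4 route get "$PROBE" from "$BACKUP_SRC")"
}

# Only touch the routing tables when called as: sh script.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_backup_return_path && verify_backup_return_path &&
        echo "replies from $BACKUP_SRC leave via $BACKUP_GW"
fi
```

If the check fails after applying, the SYN-ACK seen in the tcpdump capture is still following the main table's default route.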