
Topic: NAT - Problem with multiple public IPs

vinfriend
« on: June 21, 2007, 02:58:49 PM »
I use NAT for sharing an Internet connection among around 20 PCs in my office. We use two permanent Internet connections from different ISPs, i.e. we have a total of two public IPs from two ISPs. The system works well while using NAT with Masquerading for load balancing in the normal case, but in the event of one connection failing, some PCs fail to connect to the Internet. I think the problem is that the Masquerading load balancing system has no way to detect the failure of any of the public IPs in the pool, and it routes the packets to that public IP.

So, is there any way to configure NAT with Masquerading in such a way that it detects failure of public IPs and avoids routing packets through those IPs? Please help.

Ricky
« Reply #1 on: June 21, 2007, 07:43:19 PM »
Can you show the script which you are using?

vinfriend
« Reply #2 on: June 22, 2007, 10:32:05 AM »
My sample script is posted below. As you can see in the script, we use two public IP interfaces, ext_if1 and ext_if2, so that load will be balanced on both IPs in a round-robin manner. But my doubt is: what will happen if either of the two public IPs fails? Will NAT continue to pass traffic to the failed IP, which will lose the net connection for those clients, or will NAT detect the IP failure and pass all traffic to the good IP, which is what I want to happen? Please help.

=================================
lan_net = "192.168.0.0/24"
int_if  = "dc0"
ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "68.146.224.1"
ext_gw2 = "142.59.76.1"

#  nat outgoing connections on each internet interface
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

#  default deny
block in  from any to any
block out from any to any

#  pass all outgoing packets on internal interface
pass out on $int_if from any to $lan_net
#  pass in quick any packets destined for the gateway itself
pass in quick on $int_if from $lan_net to $int_if
#  load balance outgoing tcp traffic from internal network.
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto tcp from $lan_net to any flags S/SA modulate state
#  load balance outgoing udp and icmp traffic from internal network
pass in on $int_if route-to \
    { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \
    proto { udp, icmp } from $lan_net to any keep state

#  general "pass out" rules for external interfaces
pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state

#  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
#  $ext_if2 and $ext_gw2
pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
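
Added example, not part of the thread and not the poster's code: a pf route-to pool does no health checking of its gateways, so one way to get the behaviour asked about is to probe each gateway and reload the ruleset with a pool that lists only the ones that answer. The interfaces and gateways are those in the posted pf.conf; the wan_pool macro, the script name and the cron scheduling are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Interface:gateway pairs are taken from
# the posted pf.conf; the wan_pool macro and script name are assumptions.
LINKS="fxp0:68.146.224.1 fxp1:142.59.76.1"

# probe GATEWAY: succeed if the ISP gateway answers two pings.
# This only proves the next hop is alive, not that the ISP has upstream
# connectivity; probing a host beyond the gateway needs per-link routing.
probe() {
    ping -c 2 "$1" >/dev/null 2>&1
}

# build_pool: print a pf route-to pool holding only gateways that pass probe().
# If none pass, print the full pool so the ruleset still loads, and return 1.
build_pool() {
    live="" all=""
    for link in $LINKS; do
        entry="(${link%%:*} ${link#*:})"      # "(fxp0 68.146.224.1)"
        all="${all:+$all, }$entry"
        if probe "${link#*:}"; then
            live="${live:+$live, }$entry"
        fi
    done
    if [ -n "$live" ]; then
        printf '{ %s }\n' "$live"
    else
        printf '{ %s }\n' "$all"
        return 1
    fi
}

# Run as "wan-failover.sh apply" (for example from cron). pf.conf is assumed
# to use the macro in place of the literal two-gateway list:
#   pass in on $int_if route-to $wan_pool round-robin proto tcp ...
# pfctl -D defines the macro on the command line before the file is parsed.
if [ "${1:-}" = "apply" ]; then
    pool=$(build_pool) || logger -t wan-failover "no gateway answered, keeping full pool"
    pfctl -D "wan_pool=$pool" -f /etc/pf.conf
fi
```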

Ricky
« Reply #3 on: June 22, 2007, 07:18:31 PM »
I was expecting a script in iptables... can't comment on this one!