dr_rockstar66 n00b
Joined: 10 Nov 2003 Posts: 41
|
Posted: Wed Feb 23, 2005 3:58 pm Post subject: Two NICS, one web server, & Two Gateways walk into a bar |
|
|
Okay. I run Gentoo and have a web server running behind a NAT router. What I am trying to accomplish is this. To have two network cards installed in the web server so that I can connect two different independent internet connections (with use of two NAT routers). This way if one connection goes down the other will continue to serve the website. This is how I currently have it set up.
Code: | (Both Routers forward port 80 traffic)
INTERNET DSL   => (68.156.11.23) = (192.168.1.1) =>
                  WAN PORT         LAN PORT      =>
                  ROUTER 1         ROUTER 1      =>
                                                 ===>{(192.168.1.2)eth1}
                                                     {Apache(My web Server)Gentoo}
                                                 ===>{(192.168.2.223)eth0}
                                                 =>
INTERNET CABLE => (164.54.12.11) = (192.168.2.4) =>
                  WAN PORT         LAN PORT
                  ROUTER 2         ROUTER 2 |
========================================================
my routing table looks like this: (produced from route command)
Code: | Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1
loopback        localhost       255.0.0.0       UG    0      0        0 lo
default         192.168.2.4     0.0.0.0         UG    0      0        0 eth0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth1 |
=========================================================
With it set up like this I tested the connections internally on my LAN. http://192.168.2.223 works perfectly, http://192.168.1.2 works perfectly. So then I decided to test from an outside location (my home computer). It all appeared to work, but only half the time. Sometimes when I connect to my DSL IP (http://68.156.11.23) it pulls up my web page, sometimes it doesn't. Sometimes when I connect to my CABLE IP (http://164.54.12.11) it pulls up my web page, sometimes it doesn't. Here is a little bit more info that I hope will help with my problem. When I try to access one of the DSL/CABLE IPs and DO NOT get through, I run netstat on my webserver. I can see that the request is getting to the web server but not getting back out to the client machine (my home computer). Looks like this:
==========================================================
Code: | netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.2:www         adsl-157-35-28.ms:62439 SYN_RECV
tcp        0      0 192.168.1.2:www         adsl-157-35-28.ms:62441 SYN_RECV |
==========================================================
If I do a netstat when I have a working connection it produces the same as above, except where it says SYN_RECV it instead says ESTABLISHED.
So.. what I think is happening is that Apache is receiving the request but then arbitrarily sending back the web info on either eth0 or eth1, so that when it sends it back on the interface that the info came in on it works, and when it sends the info back on the other interface (which has an IP address in a different subnet) it fails. I'm not positive, but I think I need a rule to state, "Hey... if any traffic comes in on device eth0 then send out info on only eth0" and the same for eth1.
PLEASE HELP ME>>>>>
Last edited by dr_rockstar66 on Thu Feb 24, 2005 4:17 am; edited 2 times in total |
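The rule asked for in the post above ("traffic that came in on eth0 goes back out eth0") is source-based policy routing in iproute2. The following is an added example, not part of the original thread: interfaces and addresses are taken from the post, while the table numbers 101 and 102 and the function names are arbitrary choices.

```shell
#!/bin/sh
# Added example: per-uplink routing tables selected by source address.
# Prints the commands by default; "--apply" (as root) executes them.

# Emit the iproute2 commands for one uplink:
#   - a private table with the connected network and that uplink's gateway
#   - a rule sending packets sourced from the local address to that table
# Args: table-number device local-address network gateway
uplink_cmds() {
    table=$1 dev=$2 addr=$3 net=$4 gw=$5
    echo "ip route replace $net dev $dev src $addr table $table"
    echo "ip route replace default via $gw dev $dev table $table"
    echo "ip rule add from $addr lookup $table"
}

all_cmds() {
    # DSL side: replies sourced from 192.168.1.2 leave via router 1
    uplink_cmds 101 eth1 192.168.1.2   192.168.1.0/24 192.168.1.1
    # Cable side: replies sourced from 192.168.2.223 leave via router 2
    uplink_cmds 102 eth0 192.168.2.223 192.168.2.0/24 192.168.2.4
    echo "ip route flush cache"
}

case "${1:-}" in
    --apply) all_cmds | sh -e ;;
    *)       all_cmds ;;
esac
```

A SYN forwarded by router 1 is addressed to 192.168.1.2, so the SYN-ACK is sourced from 192.168.1.2, matches the first rule and is routed through 192.168.1.1 instead of whichever default route the main table lists first. `ip rule add` is not idempotent, so check `ip rule show` before applying it a second time.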
dr_rockstar66 n00b
Joined: 10 Nov 2003 Posts: 41
|
Posted: Thu Feb 24, 2005 2:09 am Post subject: |
|
|
bump |
makoomba Bodhisattva
Joined: 03 Jun 2004 Posts: 1856
dr_rockstar66 n00b
Joined: 10 Nov 2003 Posts: 41
|
Posted: Thu Feb 24, 2005 3:47 pm Post subject: |
|
|
I'll check it out. thanks for the reply |
SchmilK n00b
Joined: 07 Feb 2005 Posts: 11
|
Posted: Wed Mar 02, 2005 11:00 pm Post subject: |
|
|
Awesome link makoomba!! Now to sit down and read it all. :-/ hee hee hee _________________ (¯'·._-=SchmilK=-_.·'¯) |
drax_ n00b
Joined: 18 Mar 2005 Posts: 32 Location: France
|
Posted: Tue Mar 22, 2005 7:45 pm Post subject: |
|
|
makoomba's solution is more "professional" in the fact it uses load balancing, which I would say, is the proper way of doing things.
In your case, and I state:
Quote: | if one connection goes down the other will continue to serve the website |
you don't really want to load-balance traffic, just use one interface, and switch if it goes down, right?
So if you believe the above is overkill, or just plain not what you want, I think you could do the following:
- Get rid of the two default routes and only leave one. If you put two, you will get packet losses as you already do.
- Code a little script that monitors internet connectivity. If you lose internet connection, it automatically switches default routes, until it finds internet connectivity again.
What do you think? I'm sure you could hack one up in sh, no perl necessary. And this would solve your "unstable website" problem. |
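A sketch of the monitoring script suggested in the post above, as an added example that is not part of the original thread. Gateways and interfaces come from the first post; the probe addresses are documentation placeholders to replace with Internet hosts you may ping, and the 10-second interval, function names and log tag are assumptions. It expects the second default route to have been removed already.

```shell
#!/bin/sh
# Added example: active/standby default-route failover (run as root: "$0 run").
GW1=192.168.1.1; DEV1=eth1   # DSL router and NIC, from the first post
GW2=192.168.2.4; DEV2=eth0   # cable router and NIC, from the first post
PROBE1=192.0.2.1             # placeholder: Internet host to ping via DSL
PROBE2=198.51.100.1          # placeholder: Internet host to ping via cable
INTERVAL=10                  # assumed seconds between checks

# Pick the gateway that should hold the default route.
# Args: current gateway, state of uplink 1, state of uplink 2 (up|down).
# Stays on the current uplink while it works, so a recovered link does not
# cause flapping; if both are down the current route is kept.
choose_gateway() {
    cur=$1 s1=$2 s2=$3
    if   [ "$cur" = "$GW1" ] && [ "$s1" = up ]; then echo "$GW1"
    elif [ "$cur" = "$GW2" ] && [ "$s2" = up ]; then echo "$GW2"
    elif [ "$s1" = up ]; then echo "$GW1"
    elif [ "$s2" = up ]; then echo "$GW2"
    else echo "$cur"
    fi
}

# Print "up" if any of three pings to $1 is answered, else "down".
probe() {
    if ping -c 3 -W 2 "$1" >/dev/null 2>&1; then echo up; else echo down; fi
}

dev_for() { if [ "$1" = "$GW1" ]; then echo "$DEV1"; else echo "$DEV2"; fi; }

monitor() {
    # Host routes pin each probe to one uplink, so the standby link can be
    # tested even though it does not carry the default route.
    ip route replace "$PROBE1" via "$GW1" dev "$DEV1"
    ip route replace "$PROBE2" via "$GW2" dev "$DEV2"
    cur=$(ip route show default | awk '{print $3; exit}')
    while :; do
        new=$(choose_gateway "$cur" "$(probe "$PROBE1")" "$(probe "$PROBE2")")
        if [ "$new" != "$cur" ]; then
            ip route replace default via "$new" dev "$(dev_for "$new")"
            logger -t uplink-failover "default route: $cur -> $new"
            cur=$new
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = run ]; then monitor; fi
```

With a single default route, port-80 requests forwarded by the standby router still have their replies routed to the active gateway, so only the active uplink's public address answers until the route is switched.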
dr_rockstar66 n00b
Joined: 10 Nov 2003 Posts: 41
|
Posted: Tue Mar 22, 2005 9:59 pm Post subject: |
|
|
Hey.. thanks for the reply drax_. Yeah, what you suggest is probably better for my situation.. (not really trying to load balance.. just want a fail safe). Unfortunately I have very little programming experience, but I'm sure with a little looking around I'll be able to write a script that can do that... I think... Thanks again. |