[Firewall] checking on any multiroute plugin additions people may have written

Gustin Johnson gustin at meganerd.ca
Wed Feb 29 17:46:56 CET 2012


Nope, I just did some load balancing and did not worry too much about
failover.  We had 3 x 3g connections from different providers to load
balance in a well connected city.  If I unplugged one of the 3g connections
there was some lag (but less than a minute) before it all started working
again.  I did not look at it too closely but the Linux kernel seemed to be
doing the dead link detection on its own.

A local Internet/gaming cafe sets up 12 or so computers at our local
Comicon (the owner of the cafe is a friend).  He needed Internet access in
short order so this is what I cobbled together for him.

I added all three gateways to arnos config, but other than that this should
be where all the magic happens.

I put it up what I have on github:
https://github.com/meganerd/arno-multiroute

It is in a really sad state but I do plan to work on it some more (I do
have 2 connections I can work with).

Cheers,

On Wed, Feb 29, 2012 at 6:37 AM, Arno van Amersfoort <
arnova at rocky.eld.leidenuniv.nl> wrote:

> It probably uses cron to detect any line failures? Would still be nice if
> we could implement this into the multiroute plugin but I don't have the
> time nor the setup to do it at the moment...
>
> a.
>
>
> On 02/28/2012 02:33 AM, Gustin Johnson wrote:
>
>> I have used Arno's iptables script in addition to a custom built script
>> to do load balancing across 3 connections.  I did not use the plugin but
>> had a simple bash script that made use of the examples at
>> http://lartc.org
>>
>> I have not spent any time integrating it or cleaning it up (it is
>> something I needed for a week with 2 days notice).  Your welcome to it
>> once I dig it out of the machine in question.
>>
>> On Sun, Feb 26, 2012 at 4:45 PM, Tim Miller Dyck <tim at peaceworks.ca
>> <mailto:tim at peaceworks.ca>> wrote:
>>
>>    Hi,
>>
>>    I'm going to be using the multiroute plugin for the first time with
>>    arno-iptables-firewall 2.0.0.c when we add a second internet
>>    connection to one site that has outgrown a single connection.
>>
>>    The default arno-iptables-firewall multiroute script does
>>    load-balancing of connections across both interfaces but mentions
>>    limitations around link failover (lack of dead gateway detection in
>>    the Linux kernel, though kernel patches exist to add this).
>>
>>    I'm wondering if anyone has written any additions to the multiroute
>>    script that add additional functionality, e.g.
>>
>>      - allow configuration of which traffic goes over which link (e.g.
>>    by source IP, destination IP, or destination port) instead of just
>>    load-balancing across both connections
>>
>>      - add some level of link monitoring that will direct all traffic
>>    to the alternative link and flush route tables if one link goes down
>>
>>    Thanks!
>>
>>    Tim Miller Dyck
>>    Ontario, Canada
>>    ______________________________**_________________
>>    Firewall mailing list
>>    Firewall at rocky.eld.leidenuniv.**nl <Firewall at rocky.eld.leidenuniv.nl>
>>    <mailto:Firewall at rocky.eld.**leidenuniv.nl<Firewall at rocky.eld.leidenuniv.nl>
>> >
>>
>>    http://rocky.eld.leidenuniv.**nl/mailman/listinfo/firewall<http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall>
>>    Arno's (Linux IPTABLES Firewall) Homepage:
>>    http://rocky.eld.leidenuniv.nl
>>
>>
>>
>>
>> ______________________________**_________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.**nl <Firewall at rocky.eld.leidenuniv.nl>
>> http://rocky.eld.leidenuniv.**nl/mailman/listinfo/firewall<http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall>
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
> ______________________________**_________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.**nl <Firewall at rocky.eld.leidenuniv.nl>
> http://rocky.eld.leidenuniv.**nl/mailman/listinfo/firewall<http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall>
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rocky.eld.leidenuniv.nl/pipermail/firewall/attachments/20120229/5f559798/attachment.html>


More information about the Firewall mailing list