I have implemented a solution to this on my astlinux box such that replies
to incoming traffic on my failover interface are sent back out over that
interface.  The specific reason I have this is so that I can access the
astlinux web interface at either pbx.myurl.tld or failover.myurl.tld.  My
failover host forwards traffic on a specific port over the wireguard VPN
that connects my main system and the failover gateway.

The way it is done is to use firewall marks (fwmark) to mark traffic
coming in on that interface, and a combination of iptables, ip rule and ip
route.  I have it scripted so that it is set up whenever the wireguard link
is brought up and survives firewall restarts.

It's been a while but I can go figure out what parts to extract from my
scripts and share if there is interest.

David

On Tue, Jul 23, 2019 at 6:50 PM Lonnie Abelbeck <li...@lonnie.abelbeck.com> wrote:

> > ip route add <Zabbix IP Address> dev ppp0 tab 1
>
> This route will be removed anytime PPPoE is restarted.
>
> Otherwise ... test and test again :-)
>
> Lonnie
>
>
>
> > On Jul 23, 2019, at 5:43 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
> >
> > Whoops I missed that date sorry. I need to be more observant. Although I assume it's still the same.
> > No I don't have a path over WG and my Zabbix server pings both interfaces so I can't put in a static route.
> >
> > I could however just set up policy routing for the Zabbix server so it doesn't break anything else e.g.:
> > ip route add <Zabbix IP Address> dev ppp0 tab 1
> > ip route add <Zabbix Address> dev eth3 tab 2
> > ip rule add from <ppp0 IP Address>/32 tab 1 priority 500
> > ip rule add from <eth3 IP Address>/32 tab 2 priority 600
> >
> > What do you think?
> >
> > Regards
> > Michael Knill
> >
> > On 24/7/19, 7:34 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
> >
> >> On Jul 23, 2019, at 4:24 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
> >>
> >> Yes I gathered that was the case. Hmm wonder why it was working for a while.
> >> So it doesn't seem too difficult to set up policy based routing from this article which sends traffic out the interface it was received.
> >> https://www.linuxjournal.com/article/7291
> >>
> >> What do you think?
> >
> >    That is a 15 year old article, while it looks mostly correct.
> >
> >    Policy routing seems like overkill for your issue.
> >
> >    Is there a path over WireGuard ? possibly fping the WG interface to see if the path is working ?
> >
> >    Or add a static route ?
> >
> >    Lonnie
> >
> >
> >
> >
> >>
> >> Regards
> >> Michael Knill
> >>
> >> On 24/7/19, 7:12 am, "Lonnie Abelbeck" <li...@lonnie.abelbeck.com> wrote:
> >>
> >>> My assumption is that the reply will route out the primary interface so it will not work.
> >>
> >>   Exactly.  If there is not a return route to your source IP the packet is lost.
> >>
> >>   Or if over WireGuard, a too narrow AllowedIPs to allow the return packet.
> >>
> >>   Using "ip r" at each end should tell the story.
> >>
> >>   Lonnie
> >>
> >>
> >>
> >>> On Jul 23, 2019, at 3:58 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote:
> >>>
> >>> Hi group
> >>>
> >>> Forgive my ignorance but should I be able to ping the failover Astlinux interface if the primary is up? I can't for one of my sites but it used to work for some reason. The link seems fine and I can ping the secondary WAN gateway.
> >>> My assumption is that the reply will route out the primary interface so it will not work.
> >>>
> >>> Regards
> >>> Michael Knill
> >>> _______________________________________________
> >>> Astlinux-users mailing list
> >>> Astlinux-users@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
> >>>
> >>> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
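
An added example, not taken from David's scripts or from AstLinux itself, of the fwmark approach described at the top of this message: connections arriving on the failover interface are tagged, and their replies are steered back out the same interface. The interface name `wg0`, mark `0x64`, table `100` and priority `500` are assumed values.

```shell
#!/bin/sh
# Added example; wg0, 0x64, 100 and 500 are assumed values, not from the thread.

# Print the commands that make replies leave via the interface the
# connection arrived on. Each step is check-then-add (or replace) so it can
# be re-run after a firewall restart without stacking duplicate rules.
reply_routing_cmds() {
    ifc=$1 mark=$2 table=$3 prio=$4
    in_rule="PREROUTING -i $ifc -m conntrack --ctstate NEW -j CONNMARK --set-mark $mark"
    out_rule="OUTPUT -m connmark --mark $mark -j CONNMARK --restore-mark"
    # 1. Tag every new connection that arrives on the failover interface.
    echo "iptables -t mangle -C $in_rule 2>/dev/null || iptables -t mangle -A $in_rule"
    # 2. Copy the connection mark onto locally generated reply packets;
    #    a mark set in mangle OUTPUT triggers a fresh route lookup.
    echo "iptables -t mangle -C $out_rule 2>/dev/null || iptables -t mangle -A $out_rule"
    # 3. Marked packets consult a dedicated table instead of main.
    echo "ip rule del fwmark $mark table $table 2>/dev/null; ip rule add fwmark $mark table $table priority $prio"
    # 4. That table's only route points back out the failover interface.
    echo "ip route replace default dev $ifc table $table"
}

# Dry run by default (prints the commands); APPLY=1 executes them as root.
setup_reply_routing() {
    reply_routing_cmds "$@" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then sh -c "$cmd"; else echo "$cmd"; fi
    done
}

setup_reply_routing wg0 0x64 100 500
```

The route in step 4 disappears when the interface goes down, so the script belongs in the link-up hook. As noted earlier in the thread, the WireGuard peer's AllowedIPs must also cover the reply destinations.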