I've been trying to join the LARTC mailing list all week, but have yet
to get any response from them...hence my post here. I figured someone
here might know how to get this going. I have Shorewall running on both
firewalls/routers...so it's slightly on-topic. :^)
Here's my network map:
Public subnet----\                /--- Link 1 ---\
                  |-| Router 2 |-                 -| Router 1 |--| Internet |
Public subnet----/                \--- Link 2 ---/
Sorry if the ASCII doesn't show up correctly. I hope it does.
Anyway, router 1 is running Proxy Arp for several public subnets to dish
them across link 1 and 2 so they can reside on the backside of router 2.
Router 1 has link 1 and 2 plugged in to separate interfaces, as does
router 2. Link 1 and 2 have unique private subnets assigned to them.
Link 1 and 2 are both wireless bridge devices. Link 1's bridge devices
will physically take the wired Ethernet connection down when they can
not communicate to each other wirelessly, resulting in an ifdown state
on router 1 and router 2.
Routing tables in router 1 are:
Public subnet 1 via R2L1 IP metric 10
Public subnet 1 via R2L2 IP metric 100
Public subnet 2 via R2L1 IP metric 10
Public subnet 2 via R2L2 IP metric 100
Routing tables in router 2 are:
Default via R1L1 IP metric 10
Default via R1L2 IP metric 100
Obviously, link 1 is the more desirable route. Packets traverse from
the Internet to the public subnets on router 2 exactly as expected when
both links are functioning. All traffic runs over link 1. Now to my
problem:
I have two links for failover reasons. I've set up, I believe, the
easiest, simplest mechanism for route failover, as the bridge devices
are plugged directly into discrete physical interfaces on both routers.
When I force link 1 down, routes via its subnet are immediately removed
from the routing table as expected. Router 1 can still ping devices on
the public subnets connected to router 2. The problem is that nothing
outside of router 1 can communicate with the public subnets.
I've done an "ip route flush cache" on both routers during a simulated
failure, but that didn't allow hosts other than router 1 to communicate
with the public subnets. I let the simulated situation sit for a while
after reading some of the garbage collection parameters for the kernel
on the LARTC site, assuming that the routes were still lingering on one
router or another. Nothing I have tried yet has managed to get the
failover to work for any device other than router 1 itself.
Does anyone have any idea why Internet hosts can't communicate with the
public subnets on router 2 when link 1 is physically down? Again, I
would have posted this on the LARTC mailing list, but I haven't gotten a
subscription response yet. I've tried subscribing several times over
the course of this week.
Thanks for any and all input.
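Added illustration, not the poster's configuration: a small model of the metric-based failover the post relies on, using constructed addresses (documentation ranges for the public subnets, private /30s for the two links). It shows which next hop the routing tables above should select for an inbound packet and for its reply before and after link 1 goes down on both routers, which is the expected result to compare against `ip route get <public host>` on router 1 during a simulated failure.

```python
import ipaddress

# Constructed sample addressing (not from the post).
R1L1, R2L1 = "10.0.1.1", "10.0.1.2"   # router 1 / router 2 ends of link 1
R1L2, R2L2 = "10.0.2.1", "10.0.2.2"   # router 1 / router 2 ends of link 2
PUBLIC_SUBNETS = ("198.51.100.0/24", "203.0.113.0/24")

class Router:
    """Kernel-style FIB: longest prefix wins, then the lowest metric."""
    def __init__(self, name):
        self.name, self.routes = name, []   # (prefix, nexthop, iface, metric)

    def add(self, prefix, nexthop, iface, metric):
        self.routes.append((ipaddress.ip_network(prefix), nexthop, iface, metric))

    def link_down(self, iface):
        # ifdown withdraws every route that leaves through that interface
        self.routes = [r for r in self.routes if r[2] != iface]

    def lookup(self, dst):
        dst = ipaddress.ip_address(dst)
        cands = [r for r in self.routes if dst in r[0]]
        if not cands:
            return None
        best = max(cands, key=lambda r: (r[0].prefixlen, -r[3]))
        return best[1], best[2]

def build():
    """Routing tables as listed in the post: link 1 metric 10, link 2 metric 100."""
    r1, r2 = Router("router1"), Router("router2")
    for pub in PUBLIC_SUBNETS:
        r1.add(pub, R2L1, "eth_link1", 10)
        r1.add(pub, R2L2, "eth_link2", 100)
    r2.add("0.0.0.0/0", R1L1, "eth_link1", 10)
    r2.add("0.0.0.0/0", R1L2, "eth_link2", 100)
    return r1, r2

def trace(r1, r2, internet_host, public_host):
    """Next hops for the inbound packet (at router 1) and the reply (at router 2)."""
    return r1.lookup(public_host), r2.lookup(internet_host)

if __name__ == "__main__":
    r1, r2 = build()
    print("both links up:", trace(r1, r2, "192.0.2.7", "198.51.100.20"))
    r1.link_down("eth_link1")
    r2.link_down("eth_link1")
    print("link 1 down:  ", trace(r1, r2, "192.0.2.7", "198.51.100.20"))
```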
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users