[Firehol-support] Link Balancer - no routing
Christopher Howard
christopher at alaskasi.com
Wed Jul 5 21:56:57 BST 2017
Thank you! Is there more to it than adding "masquerade" to the router
definition? I did
file:/etc/firehol/firehol.conf
---------
<snip>
router lan12wan1 inface enp2s0 outface enp1s0
masquerade
server all accept
router lan12wan2 inface enp2s0 outface enp3s0
masquerade
server all accept
<snip>
--------
and restarted everything but nothing seems to have changed. Thank you
for your help.
On Wed, 2017-07-05 at 22:49 +0300, Tsaousis, Costa wrote:
> Hi,
>
>
> I think you have forgotten to NAT (snat or masquerade) LAN IPs to the
> internet interfaces, so the LAN host are sent to the internet with
> private IPs.
>
>
> Costa
>
>
>
> On Wed, Jul 5, 2017 at 9:42 PM, Christopher Howard
> <christopher at alaskasi.com> wrote:
> Hi, I am trying to set up a link balancer. I didn't know
> Firehol /
> link-balancer existed until about two days ago, so be patient
> with me. I
> have things configured so it seems like default route(s) are
> showing up.
> When logged into the router, I can ping the Internet fine.
> However, from
> device connected to the LAN port, I receive IP address, and
> default
> route (to link balancer) is showing, but the device cannot
> ping the
> Internet. Presumably it is some problem with the way I have
> (or haven't)
> configured routing.
>
> On balancer box, I have:
>
> file:/etc/network/interfaces
> --------
> # This file describes the network interfaces available on your
> system
> # and how to activate them. For more information, see
> interfaces(5).G!
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interfacen stopped. Policy is ACCEPT
> EVERYTHING!
> auto lo
> iface lo inet loopback
>
> # WAN1 - Left most port
> allow-hotplug enp1s0
> iface enp1s0 inet dhcp
>
> # WAN2 - 2nd from left
> allow-hotplug enp3s0
> iface enp3s0 inet dhcp
>
> # WAN3 - 3rd from left
> allow-hotplug enp4s0
> iface enp4s0 inet dhcp
>
> # LAN1 - 4th from left
> allow-hotplug enp2s0
> iface enp2s0 inet static
> address 192.168.235.1
> netmask 255.255.255.0
> broadcast 192.168.235.255
> network 192.168.235.0
> --------
>
> file:/etc/firehol/firehol.conf
> --------
> interface any world
> client all accept
> server all accept
>
> connmark 0x1 interface enp1s0
> connmark 0x2 interface enp3s0
>
> router lan12wan1 inface enp2s0 outface enp1s0
> server all accept
>
> router lan12wan2 inface enp2s0 outface enp3s0
> server all accept
> --------
>
> file:/etc/firehol/link-balancer.conf
> --------
> LB_DEFAULT_IPV="4"
>
> gateway cable dev enp1s0 gw 192.168.1.1
> gateway sat1 dev ensp3s0 gw 192.168.0.1 check 66.82.4.8
>
> table 1
> default via cable
>
> table 2
> default via sat1
>
> table main
> default via cable weight 150
> default via sat1 weight 50
>
> policy
> connmark 0x1 table 1
> connmark 0x2 table 2
> --------
>
> Also on balancer box I see:
>
> #
> cat /proc/sys/net/ipv4/ip_forward
> 1
>
> # ip
> route
> default via 192.168.1.1 dev
> enp1s0
> 192.168.0.0/24 dev enp3s0 proto kernel scope link src
> 192.168.0.5
> 192.168.1.0/24 dev enp1s0 proto kernel scope link src
> 192.168.1.12
> 192.168.235.0/24 dev enp2s0 proto kernel scope link src
> 192.168.235.1
>
> (For testing sat1 link is currently down.)
>
> Have I forgot/misconfigured anything obvious?
>
> --
> Christopher Howard
> Computer Assistant
> Alaska Satellite Internet
> 3239 La Ree Way
> Fairbanks, Alaska 99709
> 1-888-396-5623
> https://alaskasatelliteinternet.com
> personal web site: https://qlfiles.net
>
>
>
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
>
>
--
Christopher Howard
Computer Assistant
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
1-888-396-5623
https://alaskasatelliteinternet.com
personal web site: https://qlfiles.net
More information about the Firehol-support
mailing list