[Firehol-support] Link Balancer - no routing

Christopher Howard christopher at alaskasi.com
Wed Jul 5 22:15:38 BST 2017


I figured it out! After I set

net.ipv4.conf.all.accept_source_route = 1

it started working!

On Wed, 2017-07-05 at 12:56 -0800, Christopher Howard wrote:
> Thank you! Is there more to it than adding "masquerade" to the router
> definition? I did 
> 
> file:/etc/firehol/firehol.conf
> ---------
> <snip>
> router lan12wan1 inface enp2s0 outface enp1s0
>        masquerade
>        server all accept
> 
> router lan12wan2 inface enp2s0 outface enp3s0
>        masquerade
>        server all accept
> <snip>
> --------
> 
> and restarted everything but nothing seems to have changed. Thank you
> for your help.
> 
> On Wed, 2017-07-05 at 22:49 +0300, Tsaousis, Costa wrote:
> > Hi,
> > 
> > 
> > I think you have forgotten to NAT (snat or masquerade) LAN IPs to the
> > internet interfaces, so the LAN hosts are sent to the internet with
> > private IPs.
> > 
> > 
> > Costa
> > 
> > 
> > 
> > On Wed, Jul 5, 2017 at 9:42 PM, Christopher Howard
> > <christopher at alaskasi.com> wrote:
> >         Hi, I am trying to set up a link balancer. I didn't know Firehol /
> >         link-balancer existed until about two days ago, so be patient with me. I
> >         have things configured so it seems like default route(s) are showing up.
> >         When logged into the router, I can ping the Internet fine. However, from a
> >         device connected to the LAN port, I receive an IP address, and the default
> >         route (to the link balancer) is showing, but the device cannot ping the
> >         Internet. Presumably it is some problem with the way I have (or haven't)
> >         configured routing.
> >         
> >         On balancer box, I have:
> >         
> >         file:/etc/network/interfaces
> >         --------
> >         # This file describes the network interfaces available on your system
> >         # and how to activate them. For more information, see interfaces(5).
> >         
> >         source /etc/network/interfaces.d/*
> >         
> >         # The loopback network interface
> >         auto lo
> >         iface lo inet loopback
> >         
> >         # WAN1 - Left most port
> >         allow-hotplug enp1s0
> >         iface enp1s0 inet dhcp
> >         
> >         # WAN2 - 2nd from left
> >         allow-hotplug enp3s0
> >         iface enp3s0 inet dhcp
> >         
> >         # WAN3 - 3rd from left
> >         allow-hotplug enp4s0
> >         iface enp4s0 inet dhcp
> >         
> >         # LAN1 - 4th from left
> >         allow-hotplug enp2s0
> >         iface enp2s0 inet static
> >           address 192.168.235.1
> >           netmask 255.255.255.0
> >           broadcast 192.168.235.255
> >           network 192.168.235.0
> >         --------
> >         
> >         file:/etc/firehol/firehol.conf
> >         --------
> >         interface any world
> >                 client all accept
> >                 server all accept
> >         
> >         connmark 0x1 interface enp1s0
> >         connmark 0x2 interface enp3s0
> >         
> >         router lan12wan1 inface enp2s0 outface enp1s0
> >                server all accept
> >         
> >         router lan12wan2 inface enp2s0 outface enp3s0
> >                server all accept
> >         --------
> >         
> >         file:/etc/firehol/link-balancer.conf
> >         --------
> >         LB_DEFAULT_IPV="4"
> >         
> >         gateway cable dev enp1s0 gw 192.168.1.1
> >         gateway sat1 dev ensp3s0 gw 192.168.0.1 check 66.82.4.8
> >         
> >         table 1
> >               default via cable
> >         
> >         table 2
> >               default via sat1
> >         
> >         table main
> >               default via cable weight 150
> >               default via sat1 weight 50
> >         
> >         policy
> >                 connmark 0x1 table 1
> >                 connmark 0x2 table 2
> >         --------
> >         
> >         Also on balancer box I see:
> >         
> >         # cat /proc/sys/net/ipv4/ip_forward
> >         1
> >         
> >         # ip route
> >         default via 192.168.1.1 dev enp1s0
> >         192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.5
> >         192.168.1.0/24 dev enp1s0 proto kernel scope link src 192.168.1.12
> >         192.168.235.0/24 dev enp2s0 proto kernel scope link src 192.168.235.1
> >         
> >         (For testing sat1 link is currently down.)
> >         
> >         Have I forgotten/misconfigured anything obvious?
> >         
> >         --
> >         Christopher Howard
> >         Computer Assistant
> >         Alaska Satellite Internet
> >         3239 La Ree Way
> >         Fairbanks, Alaska 99709
> >         1-888-396-5623
> >         https://alaskasatelliteinternet.com
> >         personal web site: https://qlfiles.net
> >         
> >         
> >         
> > 
> > 
> 

-- 
Christopher Howard
Computer Assistant
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
1-888-396-5623
https://alaskasatelliteinternet.com
personal web site: https://qlfiles.net
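
The NAT check Costa describes, and the two sysctls mentioned in the thread, as an added example that is not part of the original messages or of FireHOL itself. The function names are hypothetical, the parser is a simplification that only recognises `router`/`interface` block starts and `masquerade`/`snat` helper lines, and the sample config is constructed from the one quoted above.

```python
import re

# Constructed sample adapted from the thread's firehol.conf: the first
# router block has no NAT helper, the second has "masquerade".
SAMPLE_CONF = """\
interface any world
        client all accept
        server all accept

router lan12wan1 inface enp2s0 outface enp1s0
       server all accept

router lan12wan2 inface enp2s0 outface enp3s0
       masquerade
       server all accept
"""

def routers_without_nat(conf_text):
    """Names of router blocks whose outface has no masquerade/snat helper."""
    routers = {}        # name -> [outface, nat_seen]
    global_nat = set()  # words of NAT helpers seen outside router blocks
    current = None
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "router" and len(words) >= 2:
            m = re.search(r"\boutface\s+(\S+)", " ".join(words))
            current = words[1]
            routers[current] = [m.group(1) if m else None, False]
        elif words[0] == "interface":
            current = None  # an interface block ends the router block
        elif words[0] in ("masquerade", "snat"):
            if current:
                routers[current][1] = True
            else:
                global_nat.update(words[1:])
    return [name for name, (out, nat) in routers.items()
            if not nat and out not in global_nat]

def review_sysctls(values):
    """Flag the two sysctls from the thread; values maps name -> string."""
    findings = []
    if values.get("net.ipv4.ip_forward") != "1":
        findings.append("ip_forward is off: LAN packets are not routed")
    if values.get("net.ipv4.conf.all.accept_source_route") == "1":
        findings.append("accept_source_route=1: source-routed packets accepted")
    return findings

if __name__ == "__main__":
    print(routers_without_nat(SAMPLE_CONF))
```

Common Linux hardening baselines set `accept_source_route` to 0, which is why the second check reports the value rather than treating it as neutral.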





