[Firehol-support] Link Balancer - no routing

Christopher Howard christopher at alaskasi.com
Wed Jul 5 22:51:52 BST 2017 

Ack! Nevermind, I was accidentally pinging the interface address :(


On Wed, 2017-07-05 at 13:15 -0800, Christopher Howard wrote:
> I figured it out! After I set
> 
> net.ipv4.conf.all.accept_source_route =	1
> 
> it started working!
> 
> On Wed, 2017-07-05 at 12:56 -0800, Christopher Howard wrote:
> > Thank you! Is there more to it than adding "masquerade" to the router
> > definition? I did 
> > 
> > file:/etc/firehol/firehol.conf
> > ---------
> > <snip>
> > router lan12wan1 inface enp2s0 outface enp1s0
> >        masquerade
> >        server all accept
> > 
> > router lan12wan2 inface enp2s0 outface enp3s0
> >        masquerade
> >        server all accept
> > <snip>
> > --------
> > 
> > and restarted everything but nothing seems to have changed. Thank you
> > for your help.
> > 
> > On Wed, 2017-07-05 at 22:49 +0300, Tsaousis, Costa wrote:
> > > Hi,
> > > 
> > > 
> > > I think you have forgotten to NAT (snat or masquerade) LAN IPs to the
> > > internet interfaces, so the LAN host are sent to the internet with
> > > private IPs.
> > > 
> > > 
> > > Costa
> > > 
> > > 
> > > 
> > > On Wed, Jul 5, 2017 at 9:42 PM, Christopher Howard
> > > <christopher at alaskasi.com> wrote:
> > >         Hi, I am trying to set up a link balancer. I didn't know
> > >         Firehol /
> > >         link-balancer existed until about two days ago, so be patient
> > >         with me. I
> > >         have things configured so it seems like default route(s) are
> > >         showing up.
> > >         When logged into the router, I can ping the Internet fine.
> > >         However, from
> > >         device connected to the LAN port, I receive IP address, and
> > >         default
> > >         route (to link balancer) is showing, but the device cannot
> > >         ping the
> > >         Internet. Presumably it is some problem with the way I have
> > >         (or haven't)
> > >         configured routing.
> > >         
> > >         On balancer box, I have:
> > >         
> > >         file:/etc/network/interfaces
> > >         --------
> > >         # This file describes the network interfaces available on your
> > >         system
> > >         # and how to activate them. For more information, see
> > >         interfaces(5).G!
> > >         
> > >         source /etc/network/interfaces.d/*
> > >         
> > >         # The loopback network interfacen stopped. Policy is ACCEPT
> > >         EVERYTHING!
> > >         auto lo
> > >         iface lo inet loopback
> > >         
> > >         # WAN1 - Left most port
> > >         allow-hotplug enp1s0
> > >         iface enp1s0 inet dhcp
> > >         
> > >         # WAN2 - 2nd from left
> > >         allow-hotplug enp3s0
> > >         iface enp3s0 inet dhcp
> > >         
> > >         # WAN3 - 3rd from left
> > >         allow-hotplug enp4s0
> > >         iface enp4s0 inet dhcp
> > >         
> > >         # LAN1 - 4th from left
> > >         allow-hotplug enp2s0
> > >         iface enp2s0 inet static
> > >           address 192.168.235.1
> > >           netmask 255.255.255.0
> > >           broadcast 192.168.235.255
> > >           network 192.168.235.0
> > >         --------
> > >         
> > >         file:/etc/firehol/firehol.conf
> > >         --------
> > >         interface any world
> > >                 client all accept
> > >                 server all accept
> > >         
> > >         connmark 0x1 interface enp1s0
> > >         connmark 0x2 interface enp3s0
> > >         
> > >         router lan12wan1 inface enp2s0 outface enp1s0
> > >                server all accept
> > >         
> > >         router lan12wan2 inface enp2s0 outface enp3s0
> > >                server all accept
> > >         --------
> > >         
> > >         file:/etc/firehol/link-balancer.conf
> > >         --------
> > >         LB_DEFAULT_IPV="4"
> > >         
> > >         gateway cable dev enp1s0 gw 192.168.1.1
> > >         gateway sat1 dev ensp3s0 gw 192.168.0.1 check 66.82.4.8
> > >         
> > >         table 1
> > >               default via cable
> > >         
> > >         table 2
> > >               default via sat1
> > >         
> > >         table main
> > >               default via cable weight 150
> > >               default via sat1 weight 50
> > >         
> > >         policy
> > >                 connmark 0x1 table 1
> > >                 connmark 0x2 table 2
> > >         --------
> > >         
> > >         Also on balancer box I see:
> > >         
> > >         #
> > >         cat /proc/sys/net/ipv4/ip_forward
> > >         1
> > >         
> > >          # ip
> > >         route
> > >         default via 192.168.1.1 dev
> > >         enp1s0
> > >         192.168.0.0/24 dev enp3s0 proto kernel scope link src
> > >         192.168.0.5
> > >         192.168.1.0/24 dev enp1s0 proto kernel scope link src
> > >         192.168.1.12
> > >         192.168.235.0/24 dev enp2s0 proto kernel scope link src
> > >         192.168.235.1
> > >         
> > >         (For testing sat1 link is currently down.)
> > >         
> > >         Have I forgot/misconfigured anything obvious?
> > >         
> > >         --
> > >         Christopher Howard
> > >         Computer Assistant
> > >         Alaska Satellite Internet
> > >         3239 La Ree Way
> > >         Fairbanks, Alaska 99709
> > >         1-888-396-5623
> > >         https://alaskasatelliteinternet.com
> > >         personal web site: https://qlfiles.net
> > >         
> > >         
> > >         
> > >         _______________________________________________
> > >         Firehol-support mailing list
> > >         Firehol-support at lists.firehol.org
> > >         http://lists.firehol.org/mailman/listinfo/firehol-support
> > > 
> > > 
> > 
> 

-- 
Christopher Howard
Computer Assistant
Alaska Satellite Internet
3239 La Ree Way
Fairbanks, Alaska 99709
1-888-396-5623
https://alaskasatelliteinternet.com
personal web site: https://qlfiles.net

More information about the Firehol-support mailing list