[kwlug-disc] Multiple gateways on one subnet
ldpaniak at fourpisolutions.com
Fri May 22 17:29:19 EDT 2009
Here is a clear discussion of multi-ISP from the point of view of Shorewall:
It may be useful.
Each side of the street has two internet connections: Main+wireless.
Bringing the two links together at a single gateway for each side of the
street may simplify your life. (W)LAN communication between 43Q and 58Q
can be added back in afterward.
Paul Nijjar wrote:
> I think this e-mail might be even less coherent than my last question,
> but here goes:
> We are in the process of setting up two Internet connections for the
> organization. To our network this looks like two gateways -- one at
> our 43 Queen building and one at 58 Queen. As any of you who have
> attended KWLUG meetings know, there is a crummy wireless link that
> joins the buildings. Each connection has an IPCop box joining it.
> The machines are all supposed to be on the same subnet, and I really
> don't want to split them up at this point.
> One goal is to use the 43Q gateway as a backup for the 58Q one.
> I sort of have that working by specifying multiple gateways when I
> hand out DHCP addresses. I don't think this is an ideal solution -- my
> preference would be to have the IPCop route to each other when their
> internet connection goes down -- but the solution I have is Good
> Enough for now.
> Another goal is to have the clients at 43Q use the 43Q internet as
> their primary gateway, and to have the clients at 58Q use the 58Q
> internet. I don't know how to get this working nicely:
> - A different server hands out IP addresses via DHCP. Maybe if I
> fiddle enough I could set up different server pools with different
> default gateways, but then I have to go around hardcoding MAC
> addresses to distinguish 43Q computers from 58Q ones. It can be
> done, but it is brittle.
> - I could block DHCP packets from flowing across the wireless link,
> and then put a separate DHCP server (with non-overlapping address
> ranges) on each side. The problem is that I don't really know of a
> good way to do this filtering. The wireless boxes do not come in
> with built-in firewalls so I can block the DHCP ports.
> I could maybe put another computer or device behind one of the
> wireless devices, but I don't know how to do this without changing
> the subnet (since all the firewall devices I know of are routers).
> This also adds another point of failure to the system.
> These are the ideas I have so far. Is there another solution I am
> missing? If you were in my situation what would you do?
> I know that if I was cool I would be asking about load balancing and
> stuff, but really I don't care. At this point I would be happy with
> simple transparent failover and the ability for my client computers to
> use the network connection that is on their side of the street.
> - Paul