[kwlug-disc] Multiple gateways on one subnet

Fri May 22 17:29:19 EDT 2009

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is a clear discussion of multi-ISP from the point of view of Shorewall:

http://www.shorewall.net/MultiISP.html#Overview

It may be useful.

Each side of the street has two internet connections: Main+wireless
Bringing the two links together at a single gateway for each side of the
street may simplify your life.  (W)LAN communication between 43Q and 58Q
can be added back in afterward.

Good luck!

Paul Nijjar wrote:
> I think this e-mail might be even less coherent than my last question,
> but here goes: 
> 
> We are in the process of setting up two Internet connections for the
> organization. To our network this looks like two gateways -- one at
> our 43 Queen building and one at 58 Queen. As any of you who have
> attended KWLUG meetings know, there is a crummy wireless link that
> joins the buildings. Each connection has an IPCop box joining it. 
> The machines are all supposed to be on the same subnet, and I really 
> don't want to split them up at this point. 
> 
> One goal is to use the 43Q gateway as a backup for the 58Q one. 
> I sort of have that working by specifying multiple gateways when I
> hand out DHCP addresses. I don't think this is an ideal solution -- my
> preference would be to have the IPCop route to each other when their
> internet connection goes down -- but the solution I have is Good
> Enough for now. 
> 
> Another goal is to have the clients at 43Q use the 43Q internet as
> their primary gateway, and to have the clients at 58Q use the 58Q
> internet. I don't know how to get this working nicely: 
> 
>   - A different server hands out IP addresses via DHCP. Maybe if I
>     fiddle enough I could set up different server pools with different
>     default gateways, but then I
>     have to go around hardcoding MAC addresses to distinguish 43Q
>     computers from 58Q ones. It can be done, but it is brittle. 
> 
>   - I could block DHCP packets from flowing across the wireless link,
>     and then put a separate DHCP server (with non-overlapping address 
>     ranges) on each side. The problem is that I don't really know of a
>     good way to do this filtering. The wireless boxes do not come in
>     with built-in firewalls so I can block the DHCP ports. 
>     
>     I could maybe put another computer or device behind one of the
>     wireless devices, but I don't know how to do this without changing
>     the subnet (since all the firewall devices I know of are routers). 
>     This also adds another point of failure to the system. 
> 
> These are the ideas I have so far. Is there another solution I am
> missing? If you were in my situation what would you do?
> 
> 
> I know that if I was cool I would be asking about load balancing and
> stuff, but really I don't care. At this point I would be happy with
> simple transparent failover and the ability for my client computers to
> use the network connection that is on their side of the street.
> 
> Ideas?
> 
> - Paul
> 
> 
> 
> _______________________________________________
> kwlug-disc_kwlug.org mailing list
> kwlug-disc_kwlug.org at kwlug.org
> http://astoria.ccjclearline.com/mailman/listinfo/kwlug-disc_kwlug.org
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKFxkv8h2PnOHbiQcRAt1SAJ9mVOd/t/aPAq4SxcGJhho6WEZIHwCfZ3ui
PACzBs1tG7C7MBJ1F6D/U8E=
=W1rf
-----END PGP SIGNATURE-----