[kwlug-disc] Multiple gateways on one subnet

L.D. Paniak ldpaniak at fourpisolutions.com
Fri May 22 17:29:19 EDT 2009

Here is a clear discussion of multi-ISP from the point of view of Shorewall:


It may be useful.

Each side of the street has two internet connections: Main+wireless.
Bringing the two links together at a single gateway for each side of the
street may simplify your life.  (W)LAN communication between 43Q and 58Q
can be added back in afterward.

Good luck!

Paul Nijjar wrote:
> I think this e-mail might be even less coherent than my last question,
> but here goes: 
> We are in the process of setting up two Internet connections for the
> organization. To our network this looks like two gateways -- one at
> our 43 Queen building and one at 58 Queen. As any of you who have
> attended KWLUG meetings know, there is a crummy wireless link that
> joins the buildings. Each connection has an IPCop box joining it. 
> The machines are all supposed to be on the same subnet, and I really 
> don't want to split them up at this point. 
> One goal is to use the 43Q gateway as a backup for the 58Q one. 
> I sort of have that working by specifying multiple gateways when I
> hand out DHCP addresses. I don't think this is an ideal solution -- my
> preference would be to have the IPCop route to each other when their
> internet connection goes down -- but the solution I have is Good
> Enough for now. 
> Another goal is to have the clients at 43Q use the 43Q internet as
> their primary gateway, and to have the clients at 58Q use the 58Q
> internet. I don't know how to get this working nicely: 
>   - A different server hands out IP addresses via DHCP. Maybe if I
>     fiddle enough I could set up different server pools with different
>     default gateways, but then I have to go around hardcoding MAC
>     addresses to distinguish 43Q computers from 58Q ones. It can be
>     done, but it is brittle. 
>   - I could block DHCP packets from flowing across the wireless link,
>     and then put a separate DHCP server (with non-overlapping address 
>     ranges) on each side. The problem is that I don't really know of a
>     good way to do this filtering. The wireless boxes do not come in
>     with built-in firewalls so I can block the DHCP ports. 
>     I could maybe put another computer or device behind one of the
>     wireless devices, but I don't know how to do this without changing
>     the subnet (since all the firewall devices I know of are routers). 
>     This also adds another point of failure to the system. 
> These are the ideas I have so far. Is there another solution I am
> missing? If you were in my situation what would you do?
> I know that if I was cool I would be asking about load balancing and
> stuff, but really I don't care. At this point I would be happy with
> simple transparent failover and the ability for my client computers to
> use the network connection that is on their side of the street.
> Ideas?
> - Paul