maybe someone could show me a tutorial or an sample configuration to achive an DSL and PPPoE Failover.
I’ve got 2 ISP one DSL (ether2) and one Fibre with PPPoE (ether1).
I want to set the PPPoE as Master WAN and configure DSL as slave / failover if PPPoE is not available.
I found a lot of tutorials with 2 DefaultRoutes with different Distances. These configuration work but only with masquerading!
I’ve got a lot of NAT rules for Portforwarding and explicit External IP’s for each VLAN.
So maybe someone can tell me, how to configure this situation.
Most likely you will have different IP addresses or subnets on these two connections, so it is not possible to failover when you have mappings for inbound connections. When your fiber is down your external IP addresses on the fiber are unreachable, even when your DSL is still working.
So I think it is not possible to do what you want.
Of course, it is no problem to setup translations on more than one interface, I do have two different network connections as well, one with a single address and some portmappings and another one with a subnet and routing. These can happily co-exist, but that is not failover.
When what you really want is balancing or having two external interfaces, you can use routing marks to get the routing working OK. Use a routing mark for one of the two lines (e.g. the DSL), setup a default route to there with that mark, and use IP Rules to select that mark based on the source address of the traffic (i.e. the external address(es) you have on that line).
Then all replies to connects from outside automatically return via the same line.
This is exactly right. Imagine you have two mobile phones. If the first one’s battery dies, you can still place calls from the second one, but people dialing the number of the first phone will only get voicemail. (There’s no “call forwarding” for IP addresses)
The only way you can have the same IP address work over two different providers is with BGP, but you must have at least a full /24 of IP addresses and you’ll never find a DSL provider who will do BGP on their DSL service.
As pe1chl suggested, you could make the same NAT pinholes on the IP addresses of both connections, but of course remote parties will need to know to use the backup IP address if the primary fails. You could make this a little more automatic if your connections use the DNS hostname to reach your network - you could have an external process monitoring the primary IP and update the DNS record to point to the backup IP if the primary one fails…
I’ve tried te solution with duplicate NAT Rules for each ISP.
It works perfect, only our smtp needs an external port, so i entered isp1 and isp2 as mx record with different priority!