Help using two gateways

Hi all,

Just wondering if anybody can help? I have 2 ISPs, each with a block of public IPs, same speed.

For now I have only set one IP from each ISP on the WAN interface. Both gateways work on their own by selecting the gateway manually with NAT.

The problem is when I set both gateways to load balance there seems to be a problem that it works for a few mins then gradually stops working after browsing a few sites. I can remove one gateway and it works again.

The only thing I can think of is there is some problem with masquerade that is not documented. Should I set 2 source NAT rules for masquerade with the dst address of both public IPs? At the mo it’s only 1 rule masquerading the WAN interface, which I can see could be wrong.

I followed the instructions and can’t see what is wrong. Can anybody help?

On our natted dual gateway setup we have 2 masq rules, one for each outbound interface. Basically set up a rule that says anything going out wan1 masq, and anything going out wan2 masq. That should catch all traffic going outbound and masq it to the correct source IP as it’s going outbound.

If using masq you don’t need to specify the IP as it will determine it on the way out the interface dynamically.

Sam

I have both on one interface with both addresses on it. I got the impression from the docs that was OK.

Do you think I need an ethernet interface for each line?

Friends, I am having the same problem as our friend above. The difference is that I have two links from one ISP, each entering on its own interface. I set up load balance, and what happens is that from_net2 always starts out working normally, but after second hands it does not open sites (hotmail, banks and sites in https) and MSN starts to drop. I have the same configuration on another server and do not have the same problem there. On this server I use the PPPoE service with /interface pppoe server MTU the 1448 default. What can it be?
Thanks in advance.

Hmm, never tried single interface with this method. It should work, however using masq might not work as effortlessly that way.

Sam

I found out that by adding 2 gateway rules instead of putting both gateways under the one rule seems to work OK.

Still can’t tell if it is load balancing though? Did see activity on both modems though. Need to do more tests.

EDIT —

No, this does not work. I tested more and it does not load balance; it seems to just use one connection.

Can anybody from MT shed any light on this? The docs are not too good.

Tried this with 2 interfaces and still has the same problem.

Please can anybody from MT comment?

I really don’t think there is a problem with the config as I have been using it for ages; only when I add the two gateways does this effect occur?

Post your relevant config info so we can verify.

Sam

Hi,

thanks for responding.

My config is as follows:

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.2.1/24 192.168.2.0 192.168.2.255 ether3
1 192.168.1.1/24 192.168.1.0 192.168.1.255 ether2
2 .166..3/28 ..14.32 3..1.47 ether1
3 *2.*.8.2/29 *2.*1.*8.0 *2.*1..247 ether4

[admin@edge.*****e.customers] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
1 src-address=192.168.1.0/24 action=masquerade

2 src-address=192.168.2.0/24 action=masquerade

[admin@edge.*****e.customers] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp

DST-ADDRESS G GATEWAY DISTANCE INTERFACE

0 S 0.0.0.0/0 r 83..1.*3 1 ether1
1 XS 0.0.0.0/0 u *2.*.98.**2 1 (unknown)
u *3.**6.**4.33 (unknown)
2 DC 192.168.2.0/24 r 0.0.0.0 0 ether3
3 DC 192.168.1.0/24 r 0.0.0.0 0 ether2
4 DC 83.166.184.32/28 r 0.0.0.0 0 ether1
5 DC 82.71.98.240/29 r 0.0.0.0 0 ether4

Thanks in advance for taking a look.

Just for information you will see on the routes that the one that has the problem is disabled. The route which is enabled is one of the two included in the disabled rule that I have a problem with. Also both gateways work on their own.

Hi,

I have the same problem, too.

On the internal interface is the PPPoE server for user login.

Interface 2 is uplink one and interface 3 is uplink two.

There are two DHCP pools in the MT, and the user gets an IP from pool one or two. This IP is important for the routing to uplink one or two.

I’ve installed policy routing with routing tables “Main”, “fromnet_1”, “fromnet_2” and “rest”.


Look:

add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=main comment="" disabled=no
add src-address=10.100.0.0/16 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=net1 comment="" disabled=no
add src-address=10.200.0.0/16 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=net2 comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all action=lookup table=rest comment="" disabled=no
/ ip policy-routing table main
/ ip policy-routing table net1
add dst-address=10.100.0.0/16 gateway=216.142.xx.xx preferred-source=0.0.0.0 comment="" disabled=no
/ ip policy-routing table net2
add dst-address=10.200.0.0/16 gateway=192.168.14.111 preferred-source=0.0.0.0 comment="" disabled=no
/ ip policy-routing table rest
add dst-address=0.0.0.0/0 gateway=192.168.14.111 preferred-source=0.0.0.0 comment="" disabled=no


But this doesn’t work well. Is the transparent web proxy the problem??
I think that the routing to “rest” is not ready; does any MT staff member have an idea??


thx
dingsingo

I just reposted this as I realised I missed some of the config above.

Please, somebody help!!

ADDRESS NETWORK BROADCAST INTERFACE

0 192.168.2.1/24 192.168.2.0 192.168.2.255 ether3
1 192.168.1.1/24 192.168.1.0 192.168.1.255 ether2
2 .166..3/28 ..14.32 3..1.47 ether1
3 *2.*.8.2/29 *2.*1.*8.0 *2.*1..247 ether4

[admin@edge.*****e.customers] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.1.0/24 out-interface=ether1 action=masquerade

1 src-address=192.168.2.0/24 out-interface=ether1 action=masquerade

2 src-address=192.168.1.0/24 out-interface=ether4 action=masquerade

3 src-address=192.168.2.0/24 out-interface=ether4 action=masquerade

[admin@edge.*****e.customers] ip route> print
Flags: X - disabled, I - invalid, D - dynamic, J - rejected,
C - connect, S - static, r - rip, o - ospf, b - bgp

DST-ADDRESS G GATEWAY DISTANCE INTERFACE

0 S 0.0.0.0/0 r 83..1.*3 1 ether1
1 XS 0.0.0.0/0 u *2.*.98.**2 1 (unknown)
u *3.**6.**4.33 (unknown)
2 DC 192.168.2.0/24 r 0.0.0.0 0 ether3
3 DC 192.168.1.0/24 r 0.0.0.0 0 ether2
4 DC 83.166.184.32/28 r 0.0.0.0 0 ether1
5 DC 82.71.98.240/29 r 0.0.0.0 0 ether4

Thanks in advance.

Tried also with Squid on and off.

Seems to last a little longer without web proxy but still no good.