Very Computer

Hope someone can help me with this..

On our network, the router (delivered by our ISP) has an IP
address like 123.123.123.1. We have bought a new router
with linux to enable redundant internet connections, control
traffic etc, and now I want to put it into production.

However, we have hundreds of users with the default gateway
123.123.123.1 configured, and I don't want to have to change
the config on all computers.

Here is what I want to do:
1. Plug the existing router directly into eth2
2. Add route to 123.123.123.1 through eth2
3. Add 123.123.123.1 as default gw
4. Add static ARP entry to 123.123.123.1 (?)
5. Put eth0 on ip 123.123.123.1

Thus, all users would now be using the new router as default
gateway, no changes needed.

I tried this, and here is what happened:
1. plugged the existing router directly in eth2, and was able
    to ping it ok
2. no problem
3. no problem
4. no problem
5. As soon as i issued ifup eth0 after the ip change, I was
unable to ping 123.123.123.1, even if i specified through eth2.
If i ran ifdown eth0, then "ping -I eth2 123.123.123.1" worked
as it should.

Does anybody have any clue as to how I can accomplish this?
Any suggestions would be appreciated.

Sincerely,
-Oyvind

Set up eth2 with any other 123.123.123.x IP netmask 255.255.255.255
broadcast (same as IP).  Same host and default routes to 123.123.123.1 on
dev eth2.

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp.

Then eth0 should answer arp requests for anything on its other interfaces
(including 123.123.123.1).  However, you have not said what is on eth1, so
maybe you need to read the Adv-Routing HOWTO instead of using proxy_arp
(if you are doing something like load balancing or fallback between eth1 &
eth2 for internet connections).

If 123.123.123.1 represents a public IP, you likely also need to do some
sort of masquerading.

--
David Efflandt - All spam ignored  http://www.de-srv.com/
http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

]Hi everyone

]Hope someone can help me with this..

]On our network, the router (delivered by our ISP) has an IP
]address like 123.123.123.1. We have bought a new router
]with linux to enable redundant internet connections, control
]traffic etc, and now I want to put it into production.

]However, we have hundreds of users with the default gateway
]123.123.123.1 configured, and I don't want to have to change
]the config on all computers.

]Here is what I want to do:
]1. Plug the existing router directly into eth2
]2. Add route to 123.123.123.1 through eth2
]3. Add 123.123.123.1 as default gw
]4. Add static ARP entry to 123.123.123.1 (?)
]5. Put eth0 on ip 123.123.123.1

]Thus, all users would now be using the new router as default
]gateway, no changes needed.

]I tried this, and here is what happened:
]1. plugged the existing router directly in eth2, and was able
]    to ping it ok
]2. no problem
]3. no problem
]4. no problem
]5. As soon as i issued ifup eth0 after the ip change, I was
]unable to ping 123.123.123.1, even if i specified through eth2.
]If i ran ifdown eth0, then "ping -I eth2 123.123.123.1" worked
]as it should.

]Does anybody have any clue as to how I can accomplish this?
]Any suggestions would be appreciated.

Well, tell us what the IP on eth0 is. Also the routes.
ifconfig -a
with eth0 up
route -n with eth0 up.

(by the way, what system is this on? If the router the linux box or is
the router some separate machine? We need more info here to give good
advice.)

Thanks a whole lot for answering! :-)

123.123.123.1 is the default gateway, it's a preconfigured router delivered
to
us from our ISP. There are no services that we need on it.

eth1 is used for our second internet connection, our 'backup connection',
its
got an ip like 234.234.234.118
I have configured iptables to do dnat to some of our hosts on eth0. To make
this work i had to read some of the adv routing howto, esp chapter 4.
eth0 is our internal network, on ip 123.123.123.247
eth2 is our internal network, on ip 123.123.123.246

I have not configured load balancing, all outbound traffic should go through
eth2 if the connection is alive. Only if the connection dies should outgoing
traffic be sent through eth1.

So let me see if i understand:
- I turn on proxy arp for eth0
- eth2 should be configured like this (ifcfg-eth2):
DEVICE=eth2
BOOTPROTO=static
IPADDR=123.123.123.246
NETMASK=255.255.255.255
BROADCAST=123.123.123.246
ONBOOT=yes

And these entries are correct (from 'route') ?
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
123.123.123.1   *               255.255.255.255 UH    0      0        0 eth2
default         123.123.123.1   0.0.0.0         UG    0      0        0 eth2

I tried the ifcfg settings above, and at least I'm able to ping
123.123.123.1
through eth2. The route settings are the same as I always had..

You said that "eth0 should answer arp requests for anything on its other
interfaces", and I'm a bit confused. I only need it to answer for
123.123.123.1. What hosts can be considered 'on its other interfaces'?

I will read up on proxy_arp, and see if it lets me do what i want it to,
then
experiment some more later. This seems promising! :-)

Sincerely,
- Oyvind

Quote:> Set eth0 to any IP other than 123.123.123.1

> Set up eth2 with any other 123.123.123.x IP netmask 255.255.255.255
> broadcast (same as IP).  Same host and default routes to 123.123.123.1 on
> dev eth2.

> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp.

> Then eth0 should answer arp requests for anything on its other interfaces
> (including 123.123.123.1).  However, you have not said what is on eth1, so
> maybe you need to read the Adv-Routing HOWTO instead of using proxy_arp
> (if you are doing something like load balancing or fallback between eth1 &
> eth2 for internet connections).

> If 123.123.123.1 represents a public IP, you likely also need to do some
> sort of masquerading.

> --
> David Efflandt - All spam ignored  http://www.de-srv.com/
> http://www.autox.chicago.il.us/  http://www.berniesfloral.net/
> http://cgi-help.virtualave.net/  http://hammer.prohosting.com/~cgi-wiz/

PPPoE(eth1)-Linux1-eth0-----eth0-Linux2-eth1-----WAP  wireless-laptop
Linux1 does firewall/masq
proxy_arp is enabled for eth0 of Linux2
eth1 of Linux2 is 255.255.255.248 subnet of main LAN 255.255.255.0 subnet.

In your case you have:
eth0-----alternate gw
eth1-----internet-masq(default)
eth2-----LAN

With proxy_arp enabled on eth0, it would answer for IPs on eth2, and you
should not have any traffic destined for the internet coming in through
eth0, so it should work.  You need to masquerade anything going out eth1.  
Not sure if you need to masq eth0 (depends whether eth0 and eth2 are
public IPs).

Quote:>> Set eth0 to any IP other than 123.123.123.1

>> Set up eth2 with any other 123.123.123.x IP netmask 255.255.255.255
>> broadcast (same as IP).  Same host and default routes to 123.123.123.1 on
>> dev eth2.

>> echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp.

>> Then eth0 should answer arp requests for anything on its other interfaces
>> (including 123.123.123.1).  However, you have not said what is on eth1, so
>> maybe you need to read the Adv-Routing HOWTO instead of using proxy_arp
>> (if you are doing something like load balancing or fallback between eth1 &
>> eth2 for internet connections).

>> If 123.123.123.1 represents a public IP, you likely also need to do some
>> sort of masquerading.

My conclusion so far is that this is doable, but there is no way for me to
flush the arp cache on the ISP's router. The default timeout is 14400
seconds (4 hours), and we really want to avvoid that kind of downtime.

Sincerely,
- Oyvind

Over time, re-configure all your clients to use DHCP (for all network
settings, not just IP address), so that you can change the default gateway
by merely changing the DHCP server's configuration!