Dave Hammond <(E-Mail Removed)> writes:
>Good morning,
>I have a linux routing question to ask. I am working on a linux server,
>slackware 10.2 w/2.6.16 kernel, that has 2 ethernet cards in it. This
>server is used for network monitoring of a LAN with mrtg and nagios. The
>first NIC, eth0, is connected to a switch in the DMZ and has a public
>routable IP address to the internet. The second NIC, eth1, is connected to
>the internal network switches and has a private 10.x.x.x address to the
>local LAN. The default route as of right now points to the internet
>gateway router which is what I want. I have a network route set up on the
>linux server to the 10.0.0.0 subnet for eth1 to talk to devices in the
>private network. So as of right now I can ping and talk to everything I
>need to.
>Now, here is the wrinkle, this server does device failure notifications via
>e-mail to specific persons. If the primary internet connection fails,
>obviously, the notifications will not make it anywhere. I have learned
>that there is a second internet connection available at a remote office. I
>can contact that remote office network through the internal lan routing
>with ping and my question is, how can I make this linux server routing
>automatically fail-over to use that secondary internet connection if the
>primary connection fails?
>I am working on this server from 400 miles away where it is physically
>located and would prefer to not have to call them to reset it 10,000 times
>when I dink the routing table trying to figure it out.
>Here is a copy of my current routing table as of right now, I have replaced
>any public IP address info with XXX.XXX.XXX.XXX for obvious reasons.
>Kernel IP routing table
>Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>localnet        *               255.255.255.240 U     0      0        0 eth0
>10.1.2.0        *               255.255.255.0   U     0      0        0 eth1
>10.0.0.0        10.1.2.254      255.0.0.0       UG    0      0        0 eth1
>loopback        *               255.0.0.0       U     0      0        0 lo
>default         XXX.XXX.XXX.XXX 0.0.0.0         UG    1      0        0 eth0
Well, the first thing you do is to insert a specific route which points only
to your machine that you log on with.
route add -host 111.222.333.444 gw XXX.XXX.XXX.XXX eth0
This makes sure that even if the default goes down, the system still knows
how to get packets to your machine 400 miles away with IP address 111.222.333.444.
Now you can play with the default route.
Have a script which pings or tries to contact an external site every 5 min.
If it fails, the script does
route del default eth0
route add default gw 10.1.2.55 eth1
(where 10.1.2.55 is the internal machine which has external connectivity.
You never told us what its IP was so I made one up)
Alternatively, if you do not want a default route, but just have that
internal machine act as a mail relay, set it up to accept mail relay stuff
from you, set up postfix to use it as a mail relay for as long as the
network is borked. Every 5 min check to see if the external connection
works and reset the mail relay.
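
The check-and-switch script the reply describes, as an added example (not code from either poster). PROBE_HOST, the state file path and the two-failure threshold are assumptions; the gateway addresses are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example: default-route failover, run from cron every 5 minutes as
# "route-failover.sh run". PROBE_HOST, STATE_FILE and FAIL_LIMIT are assumed
# values; PRIMARY_GW / BACKUP_GW are the placeholder addresses from the thread.
PRIMARY_GW="${PRIMARY_GW:-XXX.XXX.XXX.XXX}"
BACKUP_GW="${BACKUP_GW:-10.1.2.55}"
PROBE_HOST="${PROBE_HOST:-192.0.2.1}"
STATE_FILE="${STATE_FILE:-/var/run/route-failover.state}"
FAIL_LIMIT="${FAIL_LIMIT:-2}"   # consecutive failed checks before switching

# plan_action PROBE_OK ACTIVE FAILS -> prints "ACTION NEW_ACTIVE NEW_FAILS"
plan_action() {
    if [ "$1" -eq 1 ]; then
        if [ "$2" = backup ]; then echo "restore primary 0"; else echo "none primary 0"; fi
        return
    fi
    fails=$(( $3 + 1 ))
    if [ "$2" = primary ] && [ "$fails" -ge "$FAIL_LIMIT" ]; then
        echo "failover backup $fails"
    else
        echo "none $2 $fails"
    fi
}

# route_commands ACTION -> prints the route(8) commands for that action
route_commands() {
    case "$1" in
        failover) echo "route del default eth0"
                  echo "route add default gw $BACKUP_GW eth1" ;;
        restore)  echo "route del default eth1"
                  echo "route add default gw $PRIMARY_GW eth0" ;;
    esac
}

main() {
    # Pin the probe to the primary link so the check keeps testing eth0 even
    # while the default route points at the backup gateway.
    [ -n "${DRY_RUN:-}" ] || route add -host "$PROBE_HOST" gw "$PRIMARY_GW" eth0 2>/dev/null
    active=primary; fails=0
    [ -r "$STATE_FILE" ] && read -r active fails < "$STATE_FILE"
    if ping -c 3 -W 2 "$PROBE_HOST" >/dev/null 2>&1; then ok=1; else ok=0; fi
    set -- $(plan_action "$ok" "$active" "$fails")
    route_commands "$1" | while read -r cmd; do
        if [ -n "${DRY_RUN:-}" ]; then echo "$cmd"; else $cmd; fi
    done
    echo "$2 $3" > "$STATE_FILE"
}

if [ "${1:-}" = run ]; then main; fi
```

Setting DRY_RUN=1 prints the route commands instead of running them, which lets the logic be checked remotely before it touches the table. The probe host should not be the mail server itself, since the pinned host route keeps traffic to it on eth0.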