  1. #1

    failover routing

    Hi Guys,
    I have two ISPs and a linux box in the middle between my lan and both ISPs. What is the best way to do a routing failover? I tried two default routes with different metrics but it doesn't seem to work...

  2. #2

    Re: failover routing

    Doesn't anyone know how to do this???

  3. #3
    Just Joined!
    Join Date
    Jun 2004
    London, UK
    Write a small shell script that pings a test IP and, if it is unreachable, switches to the other gateway.
    Schedule this script to run every minute or so from cron.

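    GW1=""; GW2=""   # Gateway addresses of your two ISPs (fill in).
    TESTIP=""        # Any reliable Internet IP that responds to ping.
    # Gateway of the current default route (destination 0.0.0.0 in route -n).
    CURGW=`/sbin/route -n | awk '/^0\.0\.0\.0/ { print $2 }'`
    if ping -w2 -c3 "$TESTIP" >/dev/null 2>&1; then
      echo "Active ISP is Ok."
    else
      # Active ISP is unreachable: switch to the other gateway.
      if [ "$CURGW" = "$GW1" ]; then NEWGW="$GW2"; else NEWGW="$GW1"; fi
      /sbin/route del default
      /sbin/route add default gw "$NEWGW"
    fi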
    This script requires that both your ISPs are pre-configured and are not messing with your routing table when connected/disconnected, esp. PPP is known to be quite impolite when dealing with routes.
    You probably want some sort of test to see if the new path is working as well. Other concerns may be iptables/tc reloading and stuff like that.

    Good luck!
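
Post #3 suggests testing that the new path works before relying on it. One way to do that, with a failure threshold so a single lost ping does not flip the route, as an added example that is not part of the thread (the addresses are documentation-range placeholders; `STATE`, `THRESHOLD`, `PROBE` and the `--apply` argument are assumptions):

```shell
#!/bin/sh
# Added example. Addresses are documentation-range placeholders;
# STATE, THRESHOLD and --apply are assumptions, not from the thread.
GW1="${GW1:-192.0.2.1}"          # ISP1 gateway (placeholder)
GW2="${GW2:-198.51.100.1}"       # ISP2 gateway (placeholder)
TESTIP="${TESTIP:-203.0.113.10}" # probe target (placeholder)
STATE="${STATE:-/var/run/failover.fails}"
THRESHOLD="${THRESHOLD:-3}"      # consecutive failures before switching

# probe GW: ping TESTIP through GW using a temporary host route, so the
# standby path can be tested without touching the default route.
probe() {
  /sbin/route add -host "$TESTIP" gw "$1" 2>/dev/null || return 1
  ping -w2 -c3 "$TESTIP" >/dev/null 2>&1; rc=$?
  /sbin/route del -host "$TESTIP" gw "$1" 2>/dev/null
  return "$rc"
}

# decide CURGW: print the gateway that should hold the default route.
# PROBE may name a replacement probe command (used for offline testing).
decide() {
  cur=$1
  if [ "$cur" = "$GW1" ]; then other=$GW2; else other=$GW1; fi
  if "${PROBE:-probe}" "$cur"; then
    echo 0 > "$STATE"; echo "$cur"; return 0
  fi
  fails=$(cat "$STATE" 2>/dev/null || echo 0)
  fails=$(( ${fails:-0} + 1 ))
  echo "$fails" > "$STATE"
  # Switch only after THRESHOLD failed runs, and only if the other path
  # answers; if both are down, keep the current route.
  if [ "$fails" -ge "$THRESHOLD" ] && "${PROBE:-probe}" "$other"; then
    echo 0 > "$STATE"; echo "$other"
  else
    echo "$cur"
  fi
}

# Run from cron with the single argument --apply to change the route.
if [ "${1:-}" = "--apply" ]; then
  CURGW=$(/sbin/route -n | awk '/^0\.0\.0\.0/ { print $2; exit }')
  NEWGW=$(decide "$CURGW")
  if [ "$NEWGW" != "$CURGW" ]; then
    /sbin/route del default
    /sbin/route add default gw "$NEWGW"
    logger -t failover "default gateway changed: $CURGW -> $NEWGW"
  fi
fi
```

Without `--apply` the script only defines its functions, so the decision logic can be exercised with a stub probe before it is allowed to touch the routing table.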

  5. #4
    I have done this recently. How I did it is shown as follows:
    You have to set up an existing Linux machine as a failover router to provide quick and automatic switchover from a dead Internet connection (the primary connection) to one that is operational (the secondary connection).
    To begin, you'll need a PC with any recent GNU/Linux distro installed. You'll also need three network cards to put into this Linux box. Two of the three network cards, say eth0 and eth1, will connect to the Internet routers/gateways of your primary ISP (say ISP1) and secondary ISP (say ISP2). The third network card, say eth2, will connect to your internal LAN.
    Setting up the network
    Begin by setting up your network based on the configuration information available to you. You can make the configurations from the X Window GUI using the Network utility. To do so, open the Network utility from Main Menu > System Settings > Network. This will open up a network configuration window displaying a list of all the network cards installed on your system. Double-click on the network card you wish to configure, select the Statically Set IP Addresses option, and assign the IP address along with the subnet mask. There is also a Default Gateway Address field; you can leave it blank for the time being, as it can be specified later on from the command line.
    Assign the IP addresses provided to you by your ISPs to the two network cards, eth0 and eth1. In our setup, we assigned eth0= and eth1= (which are public IP addresses), along with the subnet mask
    Assign a private IP address based on your internal LAN subnet to your third card. We assigned eth2=, where was the address range for our internal LAN setup. Save your changes and exit.
    Now turn on IP packet forwarding on the Linux box by changing the value of net.ipv4.ip_forward to 1 in the /etc/sysctl.conf file and executing the command:
    # sysctl -p
    Next, you need to configure iptables by adding certain rules, so that your internal LAN can route packets to the Internet. For this, issue the following commands as root:

    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    # iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

    # iptables -A FORWARD -s -j ACCEPT

    # iptables -A FORWARD -d -j ACCEPT

    # iptables -A FORWARD -s ! -j DROP

    The above commands turn on masquerading in the NAT table by appending a POSTROUTING rule (-A POSTROUTING) for all outgoing packets on the two Ethernet interfaces, eth0 and eth1. The next two lines accept forwarding of all packets to and from the network. The last line drops the packets that do not come from the network.
    To make the iptables rules permanent, save them as follows:
    # iptables-save > /etc/sysconfig/iptables
    Now you must restart your network, as well as iptables:

    # /etc/init.d/network restart

    # /etc/init.d/iptables restart

    To see if your new iptables rules have gone into effect, type iptables -L.
    Enabling failover routing
    After you have configured your network, the next step is to enable failover routing on your Linux box, so that if the first route dies the router will automatically switch over to the next route. To do so, you'll need to add the default gateway routes provided to you by your ISPs for both your network cards:

    # route add default gw dev eth0

    # route add default gw dev eth1

    Here, is the gateway address given by ISP1 and is the gateway address given by ISP2. Replace them with the addresses available to you. These routes will disappear every time you reboot the system. In order to make these routes permanent add the above two commands in the /etc/rc.d/rc.local file, which is run at boot time.
    Also make sure that all the computers on your internal LAN ( have their default gateway address set as the IP address of the eth3 Ethernet interface (i.e. of your failover router.
    Finally, modify the /proc/sys/net/ipv4/route/gc_timeout file. This file contains a numerical value that denotes the time in seconds after which the kernel declares a route to be inactive and automatically switches to the other route if available. Open the file in any text editor and change its default value of 300 to some smaller value, say 10 or 15. Save the changes and exit.
    Now your Linux machine is ready to serve as a failover router, automatically and quickly switching to the secondary route every time the primary route fails.
