#StackBounty: #route #gateway #failover SSH connection issue with failover gateway

Bounty: 50

I have a system which can be accessed via SSH and HTTP. The system has two interfaces (eth0, eth1), and is working with Slackware 14.1.

eth0 : 192.168.1.99, LTE Ethernet Gateway/Modem
eth1 : 172.16.101.250, Local network (with internet access)

eth1 should be used as the default route for outgoing traffic, and automatically switch to eth0 when internet is not available via eth1. This part is working using a cron and a script.

The main concern is that when switching the default gateway, the incoming traffic to SSH and HTTP works only with the interface of the default gateway.

/etc/rc.d/rc.inet1.conf

# Config information for eth0:
IPADDR[0]="192.168.1.99"
NETMASK[0]="255.255.255.0"
USE_DHCP[0]="no"
DHCP_HOSTNAME[0]="bridge"

# Config information for eth1:
IPADDR[1]="172.16.101.250"
NETMASK[1]="255.255.128.0"
USE_DHCP[1]="no"
DHCP_HOSTNAME[1]="bridge"

# Default gateway IP address:
GATEWAY="172.16.0.1"

Script executed every minute to verify internet availability on both networks

#!/bin/bash

DEF_GATEWAY="172.16.0.1"      # Default Gateway
BCK_GATEWAY="192.168.1.1"     # Backup Gateway
RMT_IP_1="8.8.8.8"            # first remote ip
RMT_IP_2="8.8.4.4"            # second remote ip
PING_TIMEOUT="1"              # Ping timeout in seconds

# Check user
if [ `whoami` != "root" ]
then
        echo "Failover script must be run as root!"
        exit 1
fi

# Check GW
CURRENT_GW=`ip route show | grep default | awk '{ print $3 }'`
if [ "$CURRENT_GW" == "$DEF_GATEWAY" ]
then
        # Default gateway is active: test both remote ip's through it
        ping -c 2 -W $PING_TIMEOUT $RMT_IP_1 > /dev/null
        PING_1=$?
        ping -c 2 -W $PING_TIMEOUT $RMT_IP_2 > /dev/null
        PING_2=$?
else
        # Add static routes to remote ip's
        ip route add $RMT_IP_1 via $DEF_GATEWAY
        ip route add $RMT_IP_2 via $DEF_GATEWAY
        ping -c 2 -W $PING_TIMEOUT $RMT_IP_1 > /dev/null
        PING_1=$?
        ping -c 2 -W $PING_TIMEOUT $RMT_IP_2 > /dev/null
        PING_2=$?

        # Del static route to remote ip's
        ip route del $RMT_IP_1
        ip route del $RMT_IP_2
fi

# Both remote ip's unreachable via the default gateway
if [ "$PING_1" == "1" ] && [ "$PING_2" == "1" ]
then
        if [ "$CURRENT_GW" == "$DEF_GATEWAY" ]
        then
                ip route replace default via $BCK_GATEWAY
        fi

elif [ "$CURRENT_GW" != "$DEF_GATEWAY" ]
then
        # Switching to default
        ip route replace default via $DEF_GATEWAY
fi

Here are the services listening

# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:http                  *:*                     LISTEN     
tcp        0      0 *:auth                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN     
tcp        0      0 *:https                 *:*                     LISTEN     
tcp        0      0 *:time                  *:*                     LISTEN     
tcp6       0      0 [::]:ssh                [::]:*

Here is the routing table

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    1      0        0 eth1
loopback        *               255.0.0.0       U     0      0        0 lo
172.16.0.0      *               255.255.128.0   U     0      0        0 eth1
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
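
The routing table above has a single default route, so a reply to a remote SSH or HTTP client leaves through whichever gateway currently holds it, regardless of the address the client connected to. As an added example (not part of the original post), the script below sets up one routing table per interface, selected by source address; the addresses come from the question, while table IDs 101 and 102 and the `APPLY` dry-run switch are assumptions.

```shell
#!/bin/bash
# Added example: per-interface (source-based) routing tables, so a reply
# leaves through the interface whose address the client connected to,
# whichever gateway currently holds the main table's default route.
# Addresses and gateways are from the question; table IDs 101 and 102 are
# arbitrary assumptions. Commands are only printed unless APPLY=1 (needs root).

run() {
        if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# policy_table TABLE_ID IFACE ADDR SUBNET GATEWAY
policy_table() {
        local table="$1" iface="$2" addr="$3" subnet="$4" gw="$5"
        # Connected subnet first, so the gateway below is reachable in this table
        run ip route replace "$subnet" dev "$iface" src "$addr" table "$table"
        # Default route of this table: always this interface's own gateway
        run ip route replace default via "$gw" dev "$iface" table "$table"
        # Packets sourced from this interface's address consult this table
        run ip rule add from "$addr" lookup "$table"
}

setup_policy_routing() {
        policy_table 101 eth0 192.168.1.99   192.168.1.0/24 192.168.1.1
        policy_table 102 eth1 172.16.101.250 172.16.0.0/17  172.16.0.1
}

setup_policy_routing
```

Run it once at boot rather than from the cron job, since `ip rule add` is not idempotent; the failover script keeps changing only the main table's default route.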

