The situation

Due to some changes in the internet providers it has been decided to add a new external interface to the router machine via a different provider which will work for some time in parallel. The idea is to have both interfaces actives and to have all the services active on both. Let’s call the interfaces ethA and ethB.

The problem

The problem is that by default you can only do destination based routing and you can only have one default route. So if you have a default route via ethA then when a request comes to ipB then the response packet will go via ethA also. In theory this could work but which provider allows for this?

The solution

  • First you will need the iproute2 package which will allow you to do much more fancy routing such as source routing (a form of policy routing)
apt-get install iproute
  • then create some new routing tables by editing the /etc/iproute2/rt_tables file
100 <b>tableB</b>
  • set the packets with source ipB to go to tableB
ip rule add from <b>ipB</b> table <b>tableB</b>
  • set a default route in tableB via ethB and gwB
ip route add default via <b>gwB</b> dev <b>ethB</b> table <b>tableB</b>
  • flush the route cache
ip route flush cache
  • you can then create 2 scripts if-post-up-eth0.sh and if-pre-down-eth0.sh which contain the above commands and the reverse (flush) commands. Then link these scripts to your ifup and ifdown process via /etc/network/interfaces
iface <b>ethB</b> inet static<br></br>        address <b>ipB</b><br></br>        netmask <b>maskB</b><br></br>        post-up /etc/network/if-post-up-<b>ethB</b>.sh<br></br>        pre-down /etc/network/if-pre-down-<b>ethB</b>.sh

Of course you will replace the bold parts with your specific configuration. You can do the same for ethA and then just change the default route if you need to switch the lines.

Note: to those which said that some articles are too basic I say that if I have spent a few hours with a task then it’s worth writing about it as a record keeping for next time or a simple help for someone else.

Comments:

martin -

Hi. THX! we did the same, but a bit more complicated. but this seams to work perfectly, too. keep it simple ;-)