The problem: the client has three (3) ADSL interfaces and a Linux mail server. The mail server now wants to do MailMan things, which implies having a web interface. Typing port numbers is too complicated for some of the people using the web interface <cringe>, but we can’t port-forward tcp/80 from the primary/defaultroute ADSL interface because that already goes to a busy Win2k3 server which would be a PITA to securely set up to proxy the traffic. Nor can we just bolt the secondary or tertiary ADSL router into a second card on the mail server and forward traffic based on interface: those routers are also busy with RDP traffic and need to be administered by someone without much of a Linux clue (who is also seriously busy, so can’t take the time away from his other duties to pick up said clue, even though he’s otherwise quite a bright lad), and because the router might get replaced we can’t rely on MAC addresses either. Traffic forwarded to this box from the non-defaultroute interfaces would be returned through the default route, which belongs to a different ISP, which would of course break some things.
The solution: get the tertiary router to port-forward port 80 to an IP alias on the mail server’s ethernet interface, and use iproute2 to answer all traffic to the alias back out through the tertiary router.
Defaultroute belongs to Swiftel, tertiary ADSL belongs to ArachNet, so step one is to add these two definitions to /etc/iproute2/rt_tables (the numbers just have to be unused table IDs; the names let the later ip commands refer to the tables by name):
42 arachnet
43 swiftel
Defining 9.9.9.1 to be the defaultroute gateway (the Swiftel router), 9.9.9.3 to be the tertiary router’s LAN address, 9.9.9.100 to be the primary LAN address (eth0) of the mail server and 9.9.9.200 to be an alias (i.e. the address given to eth0:0), set up two very simple iproute2 tables and two very simple rules to reference them:
ip route add default via 9.9.9.3 table arachnet
ip route add default via 9.9.9.1 table swiftel
ip rule add from 9.9.9.200 table arachnet
ip rule add from 9.9.9.100 table swiftel
The swiftel table and rule are not strictly necessary, since the ordinary “boring” routing (the main table’s default route) would take care of traffic from 9.9.9.100, but they allow the mail server to be seamlessly default-routed through the secondary ADSL router instead if so desired.
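As an added example (not code from the original post), here is the whole procedure above as a re-runnable shell script: it registers the two table names in rt_tables, adds the alias address, installs the per-ISP default routes and the source-address rules, and then asks the kernel which gateway a reply from each address would actually use. Addresses, table IDs and table names are those from the post; the /24 prefix length, the rule priorities 100/101, the DRY_RUN switch and the 8.8.8.8 probe address used for verification are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. Automates the rt_tables
# entries, alias address, per-ISP default routes and source-address rules
# described above so the setup can be re-run safely, and checks the result
# with "ip route get". Assumptions: /24 LAN prefix, rule priorities 100/101,
# the DRY_RUN switch, and 8.8.8.8 as the verification target.
set -eu

IFACE=${IFACE:-eth0}
PREFIX=${PREFIX:-24}                  # assumed LAN prefix length
PRIMARY_IP=9.9.9.100                  # mail server's own address on eth0
ALIAS_IP=9.9.9.200                    # alias the tertiary router forwards tcp/80 to
SWIFTEL_GW=9.9.9.1                    # defaultroute router (Swiftel)
ARACHNET_GW=9.9.9.3                   # tertiary ADSL router (ArachNet)
RT_TABLES=${RT_TABLES:-/etc/iproute2/rt_tables}
DRY_RUN=${DRY_RUN:-0}                 # 1 = print commands instead of running them

# run CMD...: execute the command, or just echo it when DRY_RUN=1 (no root needed).
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# ensure_table NAME ID: register the table name in rt_tables unless it is
# already there. ip(8) only accepts "table NAME" once this line exists.
ensure_table() {
    if grep -qsE "^[[:space:]]*$2[[:space:]]+$1([[:space:]]|\$)" "$RT_TABLES"; then
        return 0
    fi
    if [ "$DRY_RUN" = 1 ]; then
        echo "append '$2 $1' to $RT_TABLES"
    else
        printf '%s\t%s\n' "$2" "$1" >> "$RT_TABLES"
    fi
}

setup_policy_routing() {
    ensure_table arachnet 42
    ensure_table swiftel 43

    # The alias address (eth0:0 in ifconfig terms). "replace" is idempotent.
    run ip addr replace "$ALIAS_IP/$PREFIX" dev "$IFACE" label "$IFACE:0"

    # One default route per ISP, each in its own table.
    run ip route replace default via "$ARACHNET_GW" table arachnet
    run ip route replace default via "$SWIFTEL_GW" table swiftel

    # Pick the table by source address. Delete any earlier copy first so the
    # script can be re-run without accumulating duplicate rules. The priority
    # numbers are arbitrary, but they must be lower than the rule for the
    # "main" table (32766) so that they are consulted first.
    run ip rule del from "$ALIAS_IP" table arachnet priority 100 2>/dev/null || true
    run ip rule add from "$ALIAS_IP" table arachnet priority 100
    run ip rule del from "$PRIMARY_IP" table swiftel priority 101 2>/dev/null || true
    run ip rule add from "$PRIMARY_IP" table swiftel priority 101

    # Harmless no-op on current kernels; needed on old ones that had a route cache.
    run ip route flush cache
}

# Ask the kernel which gateway a locally generated reply from each address
# would use. The line for 9.9.9.200 should say "via 9.9.9.3", the line for
# 9.9.9.100 "via 9.9.9.1".
verify_policy_routing() {
    run ip rule show
    run ip route get 8.8.8.8 from "$ALIAS_IP"
    run ip route get 8.8.8.8 from "$PRIMARY_IP"
}

case "${1:-}" in
    setup)  setup_policy_routing ;;
    verify) verify_policy_routing ;;
esac
```

Run it as root with `setup` and then `verify`; with `DRY_RUN=1` it only prints the commands it would issue, which is a cheap way to eyeball the plan before touching a production box. Note that routes and rules added with ip live only until the next reboot (or until the interface is bounced), so once this is working the same commands need to go into whatever per-interface hook the distribution provides.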
I don’t know if this is the very best way to do it, but it’s working and everyone here’s happy. (-: