Re: Two ISPs, One NAT'ed Internal Subnet, Firewall Policys
From: jludwig (wralphie_at_comcast.net)
Date: 09/21/04
- Previous message: Michael Marsh: "Reiserfs"
- In reply to: Daniel Bartlett: "Re: Two ISPs, One NAT'ed Internal Subnet, Firewall Policys"
To: Daniel Bartlett <bartlett.d@gmail.com>, For users of Fedora Core releases <fedora-list@redhat.com>
Date: Tue, 21 Sep 2004 09:37:14 -0400
On Tue, 2004-09-21 at 05:11, Daniel Bartlett wrote:
> Hi,
>
> >
> > That's the simple part. The more interesting part is detecting the "dead"
> > gateway, for some definition of "dead". In the typical external ADSL
> > or cable modem configuration, there can be a failure of communication
> > between the Linux firewall and the ADSL/cable router, between the
> > ADSL/cable router and the ISP, and between the ISP and the wider Internet
> > (usually due to routing screwups, etc., at the ISP). So detecting whether
> > the local gateway (i.e., the ADSL/cable router) is alive is of only
> > marginal utility; one usually wants to detect reachability of the wider
> > Internet, via pinging highly-available sites, or an equivalent method.
> >
> > Then there is the issue of DNS resolution. For many clients, if the ISP's
> > DNS servers are not working, the route to the internet is again of marginal
> > utility. One can configure DNS to use the nameservers of both ISP's, though
> > that doesn't help with certain Byzantine failures (that seem to occur in
> > real life), where one ISP's nameserver returns nonsense. For this and
> > other reasons, it is generally desirable to give priority to the DNS server
> > of the ISP that you are routing through, and a more active approach to
> > DNS server monitoring is often used.
>
> The DNS issue I was thinking of setting up a caching DNS server that
> had its configs updated on the connection failing, i.e. for the ISP
> nameservers.
>
> >
snip
Convoluted, but ---
You could set up a rule in, say, INPUT, FORWARD, etc. to look for an ICMP
error and send that to syslog or some such that could trigger a script
to change your ISP.
--
jludwig <wralphie@comcast.net>
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
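
The idea in the reply above (a firewall rule logs ICMP errors to syslog and a script acts on them), as an added example that is not part of the original message. The log prefix, interface names and threshold are assumptions and the log lines are constructed; because ICMP errors are unauthenticated and a few are normal, the script only recommends a switch after several are seen on the active uplink.

```shell
#!/bin/bash
# Added example. Assumed (hypothetical) names: log prefix "ICMP-ERR: ",
# eth1 = uplink to ISP A, eth2 = uplink to ISP B. Logging rules, installed separately:
#   iptables -A INPUT   -p icmp --icmp-type destination-unreachable -j LOG --log-prefix "ICMP-ERR: "
#   iptables -A FORWARD -p icmp --icmp-type destination-unreachable -j LOG --log-prefix "ICMP-ERR: "

# Constructed, abridged kernel log lines (not captured from a real system).
SAMPLE_LOG='Sep 21 09:30:01 fw kernel: ICMP-ERR: IN=eth1 OUT= SRC=192.0.2.1 DST=192.0.2.10 LEN=56 TTL=64 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40001 DPT=80 ]
Sep 21 09:30:02 fw sshd[812]: Accepted publickey for admin from 10.0.0.5 port 50022
Sep 21 09:30:04 fw kernel: ICMP-ERR: IN=eth1 OUT=eth0 SRC=192.0.2.1 DST=10.0.0.23 LEN=56 TTL=63 PROTO=ICMP TYPE=3 CODE=0 [SRC=10.0.0.23 DST=198.51.100.9 PROTO=UDP SPT=33012 DPT=53 ]
Sep 21 09:30:05 fw kernel: ICMP-ERR: IN=eth2 OUT= SRC=203.0.113.1 DST=203.0.113.10 LEN=56 TTL=64 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.0.113.10 DST=198.51.100.7 PROTO=UDP SPT=40100 DPT=123 ]
Sep 21 09:30:09 fw kernel: ICMP-ERR: IN=eth1 OUT= SRC=192.0.2.1 DST=192.0.2.10 LEN=56 TTL=64 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40002 DPT=443 ]'

# Count logged destination-unreachable messages that arrived on one interface.
# $1 = interface name; log text is read from stdin (e.g. the last few minutes of syslog).
count_unreach() {
    awk -v ifc="$1" '
        index($0, "ICMP-ERR: IN=" ifc " ") && index($0, " PROTO=ICMP TYPE=3 ") { n++ }
        END { print n + 0 }'
}

# Decide which uplink should carry the default route.
# $1 = active interface, $2 = standby interface, $3 = threshold; log on stdin.
choose_uplink() {
    local n
    n=$(count_unreach "$1")
    if [ "$n" -ge "$3" ]; then
        echo "$2"      # enough errors on the active uplink: recommend the standby
    else
        echo "$1"      # below threshold: stay where we are
    fi
}

target=$(printf '%s\n' "$SAMPLE_LOG" | choose_uplink eth1 eth2 3)
echo "default route should use: $target"
# A real deployment would now change the route as root, for example:
#   ip route replace default via <gateway-of-$target> dev "$target"
```
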