[ale] Odd network setup w/ iptables NAT routing

James Sumners james.sumners at gmail.com
Wed Jul 14 08:35:27 EDT 2010


I understood your situation to be that you have two external
connections coming into the firewall 24/7. That is, DSL on eth0 and T1
on eth1 (or whatever, I've never dealt with a T1). I thought the
"manual" part was all done at a keyboard. Now I understand that you
have to unplug the DSL connection from the firewall and plug in the
T1? If that's the case, well, I don't know what to suggest in regard
to the two networks.

I assume you're just power cycling the AT&T modem? I'm fairly positive
that you will not be able to power cycle that thing remotely. I'd be
shocked if AT&T offers anything that useful. You might look into a PCI
modem[1]. Then you can remotely take the interface down and bring it
back up via your dial-up connection.

[1] -- http://www.google.com/products?q=pci+dsl+modem

On Tue, Jul 13, 2010 at 11:35 PM, Michael B. Trausch <mike at trausch.us> wrote:
> On Tue, 2010-07-13 at 14:35 -0400, James Sumners wrote:
>> I suppose that would depend on the distribution and the qualification
>> for "down" on the external link. On Debian there is the
>> `/etc/network/if-post-down.d/` directory which contains scripts to
>> execute when interfaces are taken down. If that isn't the case, then I
>> think a regular poll to the external network would be the best option.
>> If you can't ping the gateway it's a pretty sure bet that you can't do
>> anything else.
>>
>> When you do find that the network is down, wouldn't it be easy to
>> flush the iptables rules for the old route and restore the rules for
>> the new route? That could surely be scripted easily.
>>
>> What about bridging the two networks into one? Then the remote routers
>> should take care of things.
>
> I'm not entirely sure what you mean.  Let me try to clarify a bit, since
> I'm about to climb back into the car and drive 20 (40 round trip) miles
> just to powercycle a stupid $@$%&*@ piece of AT&T equipment...
>
> I manage (currently) 8 workstations, 3 server machines, and a network
> printer/fax/scanner on this little network.  The three server machines
> and the printer all have static IP addresses, and the workstations have
> DHCP addresses; all the systems but one (presently) have 172.16.3.0/24
> addresses, though the other two servers will be getting global IP
> addresses soon, assuming this $%@%@^ network will stay up.
>
> Alright, so, all these machines are on a single switch.
>
> The firewall system, which has a global IP address, is physically
> attached to a DSL modem (AT&T) and a T1 (effectively a *very* fractional
> T1, since it's shared with the phone system).
>
> Now, I just spot-checked to see if I could reach things.  I could not.
> To verify that the thing is down and that it's not my system or
> connection or whatever that's fscked, I have a modem here and a modem
> there, so I can dial-in and try to reach the outside world from there.
>
> Of course, I can't.
>
> Now, I can (manually!) move things over to the T1 line.  Though, that's
> a bit of a problem, because for whatever reason that IP address is in
> some residential blocklist and the maintainer of the blocklist refuses
> to acknowledge my emails in trying to get it unblocked (that's because
> they block my whole domain as a matter of policy, because I use GAFYD
> for my email service---that's the *stupidest* thing I have *ever* heard
> in my life).  So I can't stay on the T1, I must actually get and keep
> the DSL working.
>
> Anyway, what I'm down to is powercycling as needed.  Maybe what I should
> be asking is if there is something out there that I can plug into the
> serial port that will powercycle an appliance when it seems to have gone
> dead.  Utter piece of crap...
>
>        --- Mike
>



-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59


