Page history: router:multiisp, revision of 2024/02/09 16:06 by willy; the current revision (unknown date) was removed by an external edit from 127.0.0.1. The text below is the content of the 2024/02/09 revision.
====== Dynamic upstream routing ======

Linux has very powerful routing capabilities,

Let's assume you have **two** upstream connections (for example, one could be a cell phone link, only for emergencies). It would be great to be able to:
  * Switch between the two ISPs when one goes down
  * Route access to specific servers through ISP1 or ISP2
  * Route specific services through ISP1 or ISP2
  * Load-balance your traffic

Having two ISPs is important for redundancy. When you start to rely on your home services for your everyday life you want them to be always accessible, so if ISP1 goes down you switch to ISP2.

What if your ISP1 is, for example, much faster **but** with a data cap, while ISP2 is slower but with unlimited data? It would be great to route all traffic through ISP1, but some apps (like //usenet// or //

Moreover, you will want to set up two SSH tunnels, one through ISP1 and one through ISP2, so that in any case you have remote access.

To achieve this you need to operate on two levels:
  * At **NAT** level, to set specific rules for packet filtering and modification inside the kernel
  * At **route** level, because packets **need** to be properly routed outside

===== Automatic ISP handoff =====
<WRAP center round todo 60%>
TBD
</WRAP>

===== Select ISP based on destination =====

I will assume ISP1 is your **default gateway**, and you can have only one default route. The basic idea is that if I want to reach //

The **nft** rule will instruct the NAT to send any request from the internal network through the ISP2 interface and not the default gateway. Without this, 77.77.77.77 will **not** be reachable from the internal network.

The **route** rule will make sure that 77.77.77.77 is accessed through ISP2 and not ISP1. This will work only for the home server unless the nft rule is also applied: our NAT goes through ISP1, but the home server's route for 77.77.77.77 goes through ISP2, making that IP address unreachable for devices on the home network.

<code bash>
nft add rule nat postrouting oifname "
ip route add 77.77.77.77 via 192.168.1.254 dev enp59s0u2u4c2
</code>

===== Select ISP based on service =====

I will show you how to run each service as its own user. This means that you can route your services based on their user, since Linux allows you to route different users differently if needed, which is neat!

<WRAP center round todo 60%>
this is still a WIP
</WRAP>

<code bash>
ip route add default via 192.168.1.254 dev enp59s0u2u4c2 table other_isp_table
ip rule add uidrange 100-100 lookup other_isp_table
echo 2 > /
</code>
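The two mechanisms above (a host route for a specific destination, and a per-uid policy routing table for a specific service) share the same pieces: the ISP2 gateway and interface, a masquerade rule on the ISP2 interface, and loose reverse-path filtering so that replies arriving on ISP2 are not dropped. The script below is an added example, not code from this wiki page; it wraps both procedures in functions with input validation and a dry-run mode. The interface name, gateway and table name default to the values used on this page but are assumptions for your setup; `sysctl -w ...rp_filter=2` is used as the equivalent of the `echo 2 >` line above.

```shell
#!/bin/sh
# Added example (not from the wiki page): route chosen destinations or chosen
# users through ISP2 while ISP1 stays the default gateway.
# Assumed values (override via the environment):
ISP2_IF="${ISP2_IF:-enp59s0u2u4c2}"       # interface that reaches ISP2
ISP2_GW="${ISP2_GW:-192.168.1.254}"       # ISP2 gateway address
ISP2_TABLE="${ISP2_TABLE:-other_isp_table}"  # extra routing table (must be listed in /etc/iproute2/rt_tables)
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute them (needs root)

# run: execute a command, or print it when DRY_RUN=1 so the plan can be reviewed first
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# is_ipv4: accept only dotted-quad addresses with octets 0-255
is_ipv4() {
    echo "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
}

# ensure_isp2_nat: masquerade everything leaving through ISP2. Without it, packets
# from the LAN that are steered to ISP2 keep their private source address and
# the replies never come back. The rule is added only once when applying for real.
ensure_isp2_nat() {
    if [ "$DRY_RUN" != "1" ] && nft list chain ip nat postrouting 2>/dev/null | grep -q "oifname \"$ISP2_IF\" masquerade"; then
        return 0
    fi
    run nft add rule ip nat postrouting oifname "$ISP2_IF" masquerade
}

# route_dest_via_isp2 IP...: host routes in the main table, so the whole LAN
# reaches these hosts via ISP2 while the default route stays on ISP1.
# "replace" instead of "add" keeps the function idempotent.
route_dest_via_isp2() {
    for dest in "$@"; do
        is_ipv4 "$dest" || { echo "invalid IPv4 address: $dest" >&2; return 1; }
        run ip route replace "$dest" via "$ISP2_GW" dev "$ISP2_IF"
    done
}

# route_uid_via_isp2 UID: everything sent by processes running as UID leaves via
# ISP2. The reply path is the catch: the reverse-path check on ISP2_IF does not
# know about the uid rule, so strict rp_filter (1) would drop the answers;
# loose mode (2) only requires that the source be reachable on some interface.
route_uid_via_isp2() {
    uid="$1"
    case "$uid" in
        ''|*[!0-9]*) echo "uid must be numeric: $uid" >&2; return 1 ;;
    esac
    run ip route replace default via "$ISP2_GW" dev "$ISP2_IF" table "$ISP2_TABLE"
    if [ "$DRY_RUN" != "1" ] && ip rule show | grep -q "uidrange $uid-$uid lookup $ISP2_TABLE"; then
        :  # rule already present; ip rule add would otherwise duplicate it
    else
        run ip rule add uidrange "$uid-$uid" lookup "$ISP2_TABLE"
    fi
    run sysctl -w "net.ipv4.conf.$ISP2_IF.rp_filter=2"
}

# Usage (dry-run by default; set DRY_RUN=0 and run as root to apply):
#   ensure_isp2_nat
#   route_dest_via_isp2 77.77.77.77
#   route_uid_via_isp2 100
```

Run it once with the default `DRY_RUN=1` to see exactly which `ip`, `nft` and `sysctl` commands would be issued, then with `DRY_RUN=0` as root to apply them. Before using a named table, add a line such as `100 other_isp_table` to `/etc/iproute2/rt_tables`, otherwise `ip rule` and `ip route ... table` will not resolve the name. After applying, `ip rule show` and `ip route show table other_isp_table` confirm the policy, and `ip route get 77.77.77.77` shows which interface a destination route now uses.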
- | |||

==== Automation ====
[[https://

====== All done? ======

Now you can access the internet safely from the home network.

To learn how to reach the internal server from the **internet**,