4 gateways, 2 not allowed to surf on. How?

Remon

4 gateways, 2 not allowed to surf on. How?
« on: December 08, 2011, 11:55:42 pm »
I try to configure this situation.

There are 4 gateways defined, with nr4 being the default gateway with the highest preference as well.
1=GPRS router
2=WIFI client router
3=ADSL-Slow
4=Fiber-Highspeed

The intention is that only the ADSL+FIBER gateways allow HTTP traffic to go through.
The other 2, GPRS and WIFI, may not be used to carry http traffic over. Reason is that if both adsl + fiber connections fail then the limited bandwidth offered on 1&2 is reserved for a vpn control link & email.

I tried a test setup with 2 gateways defined, gw1 one operational to internet, and gw2 nr 2 to a network address in use but not routing to internet causing a dead end.
Then I defined a gateway loadbalance rule that states the http traffic from the zentyal box as source should go over gw2, then I saved.

Result: The gw2 is detected 'dead' by the wan failover events, and is disabled. But when I start browsing on the zentyal box the traffic is not stopped and obviously goes out via gw1.

I would have expected the rules to block the http traffic. But the WAN check (that I need for normal failover) disables the traffic balance rules for that gateway.


Any help to set this up is most welcome. Should a firewall rule be required instead? The documentation points to QoS (traffic shaping?) to pick this up, but how to block a traffic service in total via an appointed gateway/eth card?


« Last Edit: December 09, 2011, 12:01:49 am by Remon »

jsalamero

  • Zentyal Staff
Re: 4 gateways, 2 not allowed to surf on. How?
« Reply #1 on: December 09, 2011, 07:15:23 pm »
Hi Remon,

this is very easy, you don't need QoS, just:

1.- add the 4 gateways and keep them enabled
2.- enable traffic balancing
3.- on /etc/zentyal/network.conf add:
no_balance_gwname = yes
where gwname is the name of your gateway in the Network->Gateways table. Add one line for each of the gateways you don't want to be included in the balancing.
4.- create static rules or multigateway rules (better) to select given traffic and send it using these gateways not included in the global balancing.

Cheers!

Remon

Re: 4 gateways, 2 not allowed to surf on. How?
« Reply #2 on: December 09, 2011, 11:14:45 pm »
Hi jsalamero,
Could you explain more what the exclusion does please?


The effect it has on my 2.2 based system was that it disabled in the gateway view each and all gateways that I had excluded from the balancing.
I had it all set up like this, done in this order.

eth0, WAN port setup with a static IP.

Gateways:
fiber, 1, default -> 10.20.0.33, an existing but not internet routing device
wifi, 2, nondef -> 10.20.0.30, an existing but not internet routing device
adsl, 3, nondef -> 10.20.0.40, an existing but not internet routing device
gprs, 4, nondef -> 10.20.0.1, a valid internet routing device

traffic balance enabled
-Multigateway rules ON and added these
-http, from any to any via 'fiber'
-HTTP, from any to any via 'fiber'
-http, from any to any via 'wifi'
-HTTP, from any to any via 'wifi'

-WAN failover enabled in the events section
-WAN gateway test on each of the 4 gateways to check an external host

in /etc/zentyal.network.conf added
no_balance_FIBER = yes
no_balance_WIFI = yes

Then I saved, and when that disabled all my gateways I rebooted with the same result. After trying some more times the interface also started refusing to save and the log had errors that it could not reach the gateway. From the above I would have expected no issue to save. And I would have expected the non-internet connected routers to become disabled by the system by the WAN test, while I was prevented from surfing and http traffic via the only correct and enabled GPRS gateway.


Finally I reverted all, and had to put the interface back to DHCP to get it working again.
Did I miss something? Please tell more about the no_balance_gwname setting's effect.
« Last Edit: December 10, 2011, 11:12:23 am by Remon »

christian

  • Guest
Re: 4 gateways, 2 not allowed to surf on. How?
« Reply #3 on: December 10, 2011, 07:07:17 am »
did you try to "un-comment"  ::)  (or is this extra "#" character in your post only?)

Remon

Re: 4 gateways, 2 not allowed to surf on. How?
« Reply #4 on: December 10, 2011, 11:12:12 am »
It's in the post only, thanks.
Could you add any light to the problem itself?

jsalamero

  • Zentyal Staff
Re: 4 gateways, 2 not allowed to surf on. How?
« Reply #5 on: December 10, 2011, 02:25:35 pm »
I would say that WAN failover disabled the gateways during the saving changes process. Try to get it working first without WAN-failover rules, then add them.

You will see that without the configkeys all gateways are on the default routing table (ip route ls table default) and once you add it and restart network, those with the configkey don't appear there anymore.
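
An added example, not part of the thread and not Zentyal's own code: shell helpers for the checks described in replies #1 and #5. They list the gateways excluded by no_balance_<name> = yes lines, report excluded names that do not exactly match a gateway name, and test whether a gateway IP appears in the output of ip route ls table default. Exact, case-sensitive name matching is an assumption (the thread does not say how Zentyal compares names), and the config text, gateway names and route output below are constructed samples.

```shell
#!/bin/sh
# Constructed sample of no_balance lines, modelled on the keys in reply #2.
SAMPLE_CONF='# no_balance_gprs = yes
no_balance_FIBER = yes
no_balance_wifi = yes'

# Constructed sample of "ip route ls table default" output (format assumed).
SAMPLE_ROUTES='default
	nexthop via 10.20.0.40 dev eth0 weight 1
	nexthop via 10.20.0.1 dev eth0 weight 1'

# Read config text on stdin; print each name excluded from balancing,
# i.e. every uncommented "no_balance_<name> = yes" line.
excluded_gateways() {
    sed -n 's/^[[:space:]]*no_balance_\([^[:space:]=]*\)[[:space:]]*=[[:space:]]*yes[[:space:]]*$/\1/p'
}

# $1 = config text, remaining args = gateway names from the Gateways table.
# Print excluded names with no exactly matching gateway (assumed comparison).
unmatched_exclusions() {
    conf=$1; shift
    for key in $(printf '%s\n' "$conf" | excluded_gateways); do
        found=no
        for gw in "$@"; do
            if [ "$key" = "$gw" ]; then found=yes; fi
        done
        [ "$found" = yes ] || echo "$key"
    done
}

# Succeed if gateway IP $1 is a next hop in the routing-table text $2.
# -F and -w stop 10.20.0.4 from matching 10.20.0.40.
in_default_table() {
    printf '%s\n' "$2" | grep -qwF "via $1"
}

# Stand-alone run over the constructed samples.
echo "excluded from balancing:"
printf '%s\n' "$SAMPLE_CONF" | excluded_gateways
echo "excluded names with no matching gateway:"
unmatched_exclusions "$SAMPLE_CONF" fiber wifi adsl gprs
```

On a live system, feed the helpers real input, for example excluded_gateways < /etc/zentyal/network.conf and in_default_table 10.20.0.33 "$(ip route ls table default)".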