  1. Thanks, and forgive my previous mess up. I have now set both NAT rulesets as enabled on my script. Everything runs OK. After setting a route on /etc/conf.d/net with a higher metric than the one I get from my ISP, I can now flawlessly unplug the cablemodem and have connection from my clients keep running. For testing I ran an mtr command with --curses and I can see the gateways and related nodes for my neighbour's wifi appear, while the gateways and nodes of my ISP start losing packets (expected since mtr was running from before I unplugged the cable). After plugging the cablemodem back again, the opposite happens. Thanks again! I will mark this as solved and nevertheless keep looking into Funtoo to install it on my first physical box that becomes available :)
  2. Sorry for the double posting, but I wanted to clear up the reason why I need to run a script. If it is actually possible to have 'dynamic' IPTables rules that kick in only when certain conditions are met, or if I can have both sets of NAT rules in place, then there's no need to run a script when my ISP fails and this can be done via standard OpenRC even.
  3. The laptop always has its own rules for NATting. My purpose is not to change anything on the rest of my LAN clients (my DHCP server sets the default gw for my NAT on my main gateway machine). So in order to do this, the only way I see it is to change my main gateway IPTables rules so, instead of NATting through eth0 (which when the issue happens is a dead interface since it goes nowhere), to NAT again via eth1. There is, I think, a double NAT in place when the issue happens, given my solution. 1. from LAN clients to the main gateway. The gateway NATs the packages and sends them via eth1 back out again, headed for my laptop 2. from the main gateway to the laptop, the laptop NATs the packages again so they can be sent to the wifi router (my laptop is wired to the LAN, which leaves the wlan0 interface free to hook up to the neighbour's wifi). Is it possible to make my main gateway route incoming packets headed for the internet to my laptop without having to put NAT rules in place? Normally, just adding the default gw route to the laptop when this happens does not make the rest of my clients regain Internet connectivity. Only when I add the new default gw route AND fix the NAT rules do I regain connectivity on my client machines.
  4. overkill, yes, you are right. My problem is not specific to the routes, which I could already solve with what you pointed out, but with my IPTables script. Forgive me if I was not clear enough. When everything works normally, NATting on my gw is done between eth0 and eth1 (eth0 being the 'public' interface and eth1 being the 'private' interface). However, when my ISP fails, I must change NATting so it is done between eth1 and eth1 (since the new actual gw for the LAN is now my laptop, which already is on my LAN on eth1), and then back again to the normal way when my ISP comes back. For the sake of clarity, here are the two relevant functions from my IPTables script:

         function natnormally {
             iptables -t nat -A POSTROUTING -o $WAN -s $LOCALNET -d 0/0 -j MASQUERADE
             iptables -A FORWARD -t filter -i $LAN -o $WAN -d 0/0 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
             iptables -A FORWARD -t filter -i $WAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
         }

         function natabnormally {
             iptables -t nat -A POSTROUTING -o $LAN -s $LOCALNET -d 0/0 -j MASQUERADE
             iptables -A FORWARD -t filter -i $LAN -o $LAN -d 0/0 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
             iptables -A FORWARD -t filter -i $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
         }

     - $WAN = eth0
     - $LAN = eth1
     - $LOCALNET = my local LAN IP range

     I know a decent amount of IPTables but I'm no expert, and so far in my tests I could not have these two sets of rules be applied at the same time. Is it actually possible to have these two sets of NAT rules enabled at the same time, and have everything else be ruled by the two routes, based on their metrics? Cheers
  5. Hello Funtoo! First of all, excuse if the topic is not in the proper forum. My question is network-related (for a server, actually) but could not find a network-specific forum. I am a Gentoo user since the end of 2006, and ever since I heard about Funtoo, I've been looking at it with a mixture of love and curiosity. Recently a friend (PeGa!, I dunno if he's registered in the forums or active in the community) who has been using Funtoo for a while, pointed me to a news piece by drobbins re. Funtoo upgrades, and I decided to dig in a little more, particularly the networking system (since OpenRC does not do what I want to do, go on reading and you'll see what I mean). My main issue is the following: whenever my ISP (cablemodem, hooked up to eth0 on my Gentoo gateway) has one of those issues, I lose my public IP address on eth0, and am given a private IP (192.168.etc), with a lease time of ~30secs. dhclient keeps renewing for an indefinite amount of time, and only when my ISP fixes their stuff (and coincidentally, the rest of the cablemodem lights light up) do I recover a public IP. Whenever this happens, I have another laptop at home, which is constantly hooked up to the neighbour's wifi, and is all set up with IPTables to share its connection. So, whenever this happens, I add an additional route on my gateway, and put as default gateway this laptop, which is accessible via eth1 (since it is on my LAN), and fix my IPTables script so my gateway can NAT properly. This makes it possible for all my LAN machines to recover their Internet connection and I can keep on working. However, when my ISP comes back, I get another default route added (for eth0, since it is now up again), so I have to go in my gateway, delete the previously added default route via eth1, and re-run my IPTables script so it has the normal rules for NATing via the eth0 connection.
Now my question is: does the network infrastructure system of Funtoo have a way to automate this, without having to perform manual intervention? I can simplify this at the most with this statement: can Funtoo run a custom script whenever a default gw route on a specific interface is lost, and run another script (or the same one, with different parameters) when the default gw route on that same interface comes back? Cheers and thanks in advance godlike.-
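
The setup these posts end on (both NAT rule sets loaded at once, with the route metrics deciding which egress is used), as an added example that is not part of the original posts or the poster's script. The `LOCALNET` value, the `IPT=echo` dry-run switch and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the poster's script. WAN/LAN follow the post;
# LOCALNET is a constructed placeholder range.
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}
LOCALNET=${LOCALNET:-192.168.10.0/24}
IPT=${IPT:-iptables}    # assumption: IPT=echo gives a dry run that prints rules

# Append a rule only when an identical one is not already loaded (-C checks),
# so the script can be re-run without stacking duplicate rules.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if [ "$IPT" = echo ]; then
        echo "-t $table -A $chain $*"
    elif ! "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        "$IPT" -t "$table" -A "$chain" "$@"
    fi
}

# MASQUERADE and FORWARD rules for one egress interface. The rules match on
# the outgoing interface, so the eth0 and eth1 sets never shadow each other.
nat_via() {
    out=$1
    ensure_rule nat POSTROUTING -o "$out" -s "$LOCALNET" -j MASQUERADE
    ensure_rule filter FORWARD -i "$LAN" -o "$out" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
    ensure_rule filter FORWARD -i "$out" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

install_both() { nat_via "$WAN"; nat_via "$LAN"; }

# Read `ip route show default` output on stdin and print the device of the
# lowest-metric default route, i.e. the egress the kernel will pick.
active_egress() {
    awk '$1 == "default" {
        m = 0; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "metric") m = $(i + 1)
        }
        if (best == "" || m + 0 < best + 0) { best = m; bestdev = dev }
    }
    END { print bestdev }'
}
```

Call `install_both` once when the firewall is loaded; afterwards `ip route show default | active_egress` reports which path the gateway is currently using.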