Multiple internet connections in one box

Sometimes a single Linux box needs multiple internet connections. To distinguish this from the more common scenario: it means that multiple default routes are specified.
Multiple default routes are a bit of a dilemma: a default route is loosely defined as ‘if everything else fails, send packets there’. By definition there cannot be two or more last-resort options.
One of those internet connections should therefore be designated as the default and configured normally, giving it an IP address, default gateway and so on.
The rest should have their IP addresses configured.
The default connection should work as normal, but the other connections are basically useless. Everything that is not in a directly reachable subnet goes out through the default gateway, which is not what is needed.
At the very least, replies to packets coming in on an interface should be sent out through the same interface.

Taking a very simplified view of IP routing, there is a routing table where networks and gateways are defined, and there is one special default gateway that is used if there is no route for a packet.
To have multiple default routes, multiple routing tables are used. Simple as that. There is one lookup table which is used to determine which routing table to apply for a packet.

All those tables are configurable via iproute2.

Now that all that theory has been briefly looked at, let's configure.

network interface eth0 is using IP with mask and gateway
network interface eth1 is using IP with mask and gateway

Let's set interface eth0 up as normal.

The lookup table should look like this:
ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Table main is the one we use normally, and it looks like so:
ip route list table main
dev eth0 proto kernel scope link src
dev lo scope link
default via dev eth0

If no table is given to ip route list, table main is shown by default.

One more routing table is needed. Let's name it ‘second’.

echo "200 second" >> /etc/iproute2/rt_tables

200 is as good a number as any. Looking at this file, numbers 0, 253, 254 and 255 are already in use, so anything that is not in use should be OK.

Let's add a rule for our second network.

ip rule add from lookup second

Looking at rule list:
ip rule list
0: from all lookup local
32765: from lookup second
32766: from all lookup main
32767: from all lookup default

Now add some routes to the second routing table to make it something like the main table.

ip route add dev eth1 table second
ip route add default via dev eth1 table second

To see what has been done:
ip route list table second
dev eth1 scope link
default via dev eth1

The last step is to flush the IP routing cache. Strange things can happen if the configuration and the cache are not in sync.

ip route flush cache

If all goes well, should be reachable from outside.
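
The steps above collected into one shell function, as an added example that is not part of the original post: it prints the commands for review instead of running them, and refuses a table id that is reserved or an id or name already present in rt_tables. The function name policy_routing_cmds and the addresses (documentation range 198.51.100.0/24) are assumptions, as is matching the rule on the eth1 address.

```shell
#!/bin/sh
# Added example: print the policy-routing commands for a second uplink.
# Addresses used below are constructed placeholders, not values from the post.

# policy_routing_cmds ID NAME DEV SRC_IP SUBNET GATEWAY [RT_TABLES]
policy_routing_cmds() {
    id=$1 name=$2 dev=$3 src=$4 net=$5 gw=$6
    rt_tables=${7:-/etc/iproute2/rt_tables}

    case "$id" in
        # 0, 253, 254 and 255 are the ids the post notes as already in use
        0|253|254|255) echo "table id $id is reserved" >&2; return 1 ;;
        ''|*[!0-9]*)   echo "table id must be numeric" >&2; return 1 ;;
    esac

    # Refuse an id or name that is already registered (comment lines skipped)
    if [ -r "$rt_tables" ] &&
       awk -v i="$id" -v n="$name" '
           !/^[ \t]*#/ && ($1 == i || $2 == n) { found = 1 }
           END { exit !found }' "$rt_tables"
    then
        echo "table id $id or name $name already in $rt_tables" >&2
        return 1
    fi

    # Same order as the walkthrough: register table, rule, routes, flush
    cat <<EOF
echo "$id $name" >> $rt_tables
ip rule add from $src lookup $name
ip route add $net dev $dev table $name
ip route add default via $gw dev $dev table $name
ip route flush cache
EOF
}

# Constructed sample call: eth1 at 198.51.100.10/24, gateway 198.51.100.1
policy_routing_cmds 200 second eth1 198.51.100.10 198.51.100.0/24 198.51.100.1
```

Review the printed commands, then run them as root; compare the result with ip rule list and ip route list table second.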
