[TriLUG] Multiple Public Interfaces == routing confusion
David Burton via TriLUG
trilug at trilug.org
Wed Jun 4 20:24:36 EDT 2025
You can buy multi-WAN routers, which presumably do that. I've never used
one, though.
https://www.google.com/search?q=%28%22multi-WAN%22+%7C+%22dual-WAN%22%29+router
Dave
On Wed, Jun 4, 2025 at 5:53 PM Aaron Joyner via TriLUG <trilug at trilug.org>
wrote:
> The name for what you want to do is "policy routing", and often just
> knowing how to ask the question is most of the battle to finding how to
> solve a problem. Here's a helpful post from ~2004 on how to do what you're
> asking:
> https://trilug.org/pipermail/trilug/Week-of-Mon-20040329/025284.html
>
> Subsequent messages in that thread are also helpful.
>
> Best of luck!
> Aaron S. Joyner
>
> On Wed, Jun 4, 2025 at 11:23 AM Brian via TriLUG <trilug at trilug.org>
> wrote:
>
> > Hi Gang,
> >
> > Recently, I had Lumos install fiber at my house. Now my router (a
> > Debian 11.3 system) has two public interfaces: one for Lumos, and one
> > for the Spectrum service I still have.
> >
> > I am using iptables for firewalling, as I have yet to buckle down and
> > learn about firewalld.
> >
> > The router has a public IP address for each public interface. From the
> > router, I can ping and traceroute out through either interface
> > successfully.
> >
> > I have the IPv4 routing table set up simply with the Spectrum interface
> > as a higher-metric default gateway. I can ping and traceroute through
> > either interface without issue.
> >
> > The trouble, as the astute will have already surmised, is that any
> > packets coming in on the Spectrum interface get answered by way of the
> > Lumos interface since it has a higher priority in the routing table.
> > I've verified this by using logging rules in for ICMP packets in
> > iptables; I can clearly see an echo-request come in on the Spectrum
> > interface and the echo-reply go out the Lumos interface. Of course that
> > response packet gets dropped by the first stateful firewall it
> > encounters on its way back.
> >
> > What's the secret sauce to ensure services answer packets through the
> > correct interface? The whole reason I've not canned Spectrum
> > immediately is that the Lumos connection hasn't proven to be very
> > stable, and I want to be able to get in from outside through either
> > interface if one happens to be down. Do I just need to rig up a proper
> > failover setup? How difficult is that to do?
> >
> > Thanks,
> > -Brian
> >
> >
> > --
> > This message was sent to: Aaron S. Joyner <aaron at joyner.ws>
> > To unsubscribe, send a blank message to trilug-leave at trilug.org from
> that
> > address.
> > TriLUG mailing list : https://www.trilug.org/mailman/listinfo/trilug
> > Unsubscribe or edit options on the web :
> > https://www.trilug.org/mailman/options/trilug/aaron%40joyner.ws
> > Welcome to TriLUG: https://trilug.org/welcome
> --
> This message was sent to: Dave Burton <ncdave4life at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
> address.
> TriLUG mailing list : https://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web :
> https://www.trilug.org/mailman/options/trilug/ncdave4life%40gmail.com
> Welcome to TriLUG: https://trilug.org/welcome
More information about the TriLUG
mailing list