4

My router is ClearOS 6(Centos 6). In my router, I have two external (internet) network connections from two ISP's.

The primary connection is eth2 connected to a cable modem and the second one is ppp0 connected to a dsl modem. I have assigned eth2 as the primary connection (with a high metric value). In fact this is done through clearos's multiwan web interface. I have a test in my Nagios to monitor whether the primary connection. This connection is done based on the result of 

curl ifconfig.me

But it seems that ifconfig.me is always giving the ip address of my secondary connection. I tested it through a browser. Yes ifconfig.me gives the secondary internet's(ppp0) ip address. But whatismyipaddress.[com|org] give my primary ip address (eth2). I checked the default route on the router through 

ip route list 0/0

<secondary network> dev ppp0 proto kernel scope link src <secondary ip address> <primary network> dev eth2 proto kernel scope link src <primary ip address> <lan> dev eth0 proto kernel scope link src <lan interface address>
default via <primary gateway address> dev eth2

which also shows the primary connection (eth2) as the default route.

The 

traceroute www.google.com

and 

traceroute ifconfig.me

both seems to trace through the primary connection (eth2).

As our secondary internet connection has only got a limited download, I don't want to end up having to pay a large sum at the end of the month.

Has somebody got an idea why the ifconfig.me shows my secondary address?

What is the best way to ensure that my router(and thus the lan) use the right internet connection.

user630286
  • 61
  • 3
  • Do you have any other routes in your routing table that matches the IP of ifconfig.me ? – miono Oct 29 '12 at 10:20
  • 2
    Generally speaking, it's always better in these questions to **show**, not **tell**. We accept that you think that the `ip route` output says that your default route is via eth2, but you might be wrong, or there might be a more specific route that includes the IP of `ifconfig.me`, as miono says, or there might be some other issue that none of us has thought of. If you could edit into your question not just the commands you typed, but their outputs as well (plus the output of `ifconfig -a`, please), we can probably be of more help to you. – MadHatter Oct 29 '12 at 10:32
  • Hi miono, Following is the result of 'ip route list' on the router: ` dev ppp0 proto kernel scope link src dev eth2 proto kernel scope link src dev eth0 proto kernel scope link src default via dev eth2` Please let me know if you need anymore information in this regard. Cheers – user630286 Oct 29 '12 at 10:37
  • Hi MadHatter, I have just shown the result of ip route list. Though the display format is a bit ill-formatted, it should be readable (please let me know if there is a better way to format this kind of things).Please let me know if you need more information in this regard. Thanks – user630286 Oct 29 '12 at 10:39
  • Any other suggestions people? – user630286 Oct 31 '12 at 09:56

2 Answers2

1

At a glance it looks like your routes are configured correctly.

I suggest you use Wireshark/T-Shark to look at the packets leaving each external interface (eth2, ppp0) individually and see what happens when you run your curl ifconfig.me command. This may give you a clue as to why your getting different results with different tools.

Have you tried other IP address look up tools to see if you get the same results? Again, this may be enlightening.


What is the best way to ensure that my router(and thus the lan) use the right internet connection.

But it sounds like what you really want is failover instead of load-balancing. That is to say, you want all your traffic to leave your primary connection and you secondary one is just there in case your primary one goes down.

From the ClearOS documentation:

Multi-WAN weights are used to load balance outbound Internet traffic. By default, all WAN interfaces are given a weight of one. This default configuration means the network traffic will be roughly evenly split amongst the different WAN connections.

In one of the typical multi-WAN configurations, a second broadband connection is used for backup. This second connection is often a low-cost and low-bandwidth connection. In this case, you would want to set the weight on your high-bandwidth connection to 3 or 4, while leaving your low-cost/low-end connection with a weight of 1.

Community
  • 1
  • Apologies for the delayed reply (off from work for a really long time). What kce points to seems to be the right thing. Multi-wan seems only to load balance outgoing connections. In mine I have the primary with a weight of 4 and the secondary with a weight of 1 (ie 75/25) and therefore the router keeps routing 25% of the traffic through the secondary connection. This is fine with me at the moment. Thanks for the answers guys. – user630286 Feb 25 '13 at 12:43
0

As kce pointed out, your routing tables look correct. That being the case, I suspect you may have a SNAT of some sort configured without realizing it.

First, try this: lsmod | grep conntrack

This is to see whether or not the conntrack module is loaded. If it's not, do not run the next command, it's unnecessary and the simple act of listing the empty conntrack table will load the module and not automatically unload it afterward. This can be a sleeping timebomb on servers with high network load that run up against the default size of the kernel's connection tracking table.

If you get something like this...

nf_conntrack_ipv4       7597  3 iptable_nat,nf_nat
nf_conntrack           38083  4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4           779  1 nf_conntrack_ipv4

...then try listing the conntrack table with this:

iptables -vn --line-numbers -t nat -L POSTROUTING

You're looking for a line that says "SNAT" in the target column, with the IP address of your secondary interface on the far right. Delete that line and you should be all set.

Hopefully that's it.

Andrew B
  • 32,588
  • 12
  • 93
  • 131