
I am testing a redundant internet connection setup that works like this -

I have a network segment, 192.168.80.X. It has two gateways:
  • 192.168.80.1 - a FW connected to a frame relay line
  • 192.168.80.2 - an ADSL modem/router

I set up a windows server with a static ip 192.168.80.10, subnet 255.255.255.0 and two default gateways - 192.168.80.1, 192.168.80.2 and set the metrics manually to give the frame relay line preference.

Both routers have port forwarding set up to forward port 80 from the WAN address to the server.

The problem is that when the default gateway selected by windows is 192.168.80.1, it won't accept incoming connections coming from the ADSL router, and vice-versa - if the gateway selected is 80.2 then connections coming to the WAN address of the FW don't get through.

Is this kind of setup even theoretically possible? If it is, I assume it's a routing issue that needs solving? Perhaps adding a route manually to the server/WAN routers?

I'm not networking-savvy enough to figure it out on my own... some help will be appreciated.

Thanks!

V. Romanov
  • Q: Is this kind of setup even theoretically possible? A: I don't believe so. A Windows host can only have one DG (AFAIK). The server's response to any non-local traffic will always go to its DG, which there can be only one of. – joeqwerty Oct 24 '13 at 16:23
  • Any computer - be it a Windows server, a Windows desktop, a Linux box, a Mac box, or a Raspberry Pi - can only have one default gateway. That's just how it works. – John Oct 24 '13 at 16:27
  • I don't mind the default gateway. I wanted something that returns incoming traffic the way it came through. – V. Romanov Oct 24 '13 at 16:37
  • Routing occurs at Layer 3. In your case that's unfortunate because the solution for you would be if routing occurred at Layer 2. – joeqwerty Oct 24 '13 at 16:46
  • Theoretically it's possible. It is not that hard to do in linux (http://kindlund.wordpress.com/2007/11/19/configuring-multiple-default-routes-in-linux/) but I don't know how this would be implemented in windows as there is no iproute2 or ip rule. – Jure1873 Oct 24 '13 at 18:00
  • Jure - Thanks, this is exactly what I needed, but no linux for my organization, unfortunately. – V. Romanov Oct 28 '13 at 13:56

1 Answer


It isn't that the incoming connection isn't coming in, it's that the routing table thinks that the return trip should go through the default gateway.

You should really consider splitting this off into 2 different subnets for the LANs between each WAN device and the server's NICs. That would be the proper way to handle this, and if it is a direct connection between the server NIC and a port on the "gateway" then something as simple as a /30 would work for each "route".

Use 2 different NICs in the Windows Server, each on their respective subnets and respective default gateways to each of these WAN devices. But you'd still have to manually fail over the gateway in the routing (disable one NIC for instance during normal operation, and then enable it and disable the other during failover. It would all be manual).

I don't know if RRAS and dead gateway detection might work here...never used it myself, but you may look into it too.

TheCleaner
  • I don't think there's any way to make this work. Any non-local traffic coming in will have a non-local source address. The server is going to attempt to communicate with that non-local address through its DG. Adding a static route for .1 and .2 on the server isn't going to help because the source address is neither of those. – joeqwerty Oct 24 '13 at 16:22
  • Ah true...I was thinking of it in terms of it being NAT'd from the WAN device down to the server. Then yeah, let me modify my answer. – TheCleaner Oct 24 '13 at 16:25
  • This makes sense, I suspected the problem is getting the traffic out the right way. Considering I don't really need them both to work simultaneously (the other line is passive failover) - I can set up some sort of script/tool that will change gateways when it senses that one failed and then change them back. I've seen such functionality on broadcom's NIC TEAMING software, and I suppose I can script something that will do the job. Thanks guys! – V. Romanov Oct 24 '13 at 16:34
  • Hmm, actually, there's some curious stuff in here http://serverfault.com/questions/225185/route-return-traffic-to-correct-gateway-depending-on-service that looks like it could be helpful too, at least in concept. – V. Romanov Oct 24 '13 at 16:39
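The passive-failover script the asker mentions in the comments above, as an added example that is not part of the original thread: it keeps the two default gateways from the question on one NIC and swaps their metrics when the preferred line stops answering. The interface alias and the two probe addresses (TEST-NET-1 placeholders) are assumptions; each probe must be a host that answers ICMP and is reachable only over the WAN.

```powershell
# Added example, not from the original thread. Assumes Windows Server 2012+ (NetTCPIP
# module) and that both default gateways from the question sit on a single NIC.
$Nic       = 'Ethernet'        # assumed interface alias; check with Get-NetAdapter
$Primary   = '192.168.80.1'    # FW on the frame relay line (from the question)
$Secondary = '192.168.80.2'    # ADSL modem/router (from the question)
$ProbeA    = '192.0.2.10'      # placeholder: external host pinned to $Primary
$ProbeB    = '192.0.2.20'      # placeholder: external host pinned to $Secondary

# Pin each probe to its own gateway with a /32 host route, so pinging it tests that
# line and not whichever default gateway currently has the lower metric.
foreach ($pair in @(@($ProbeA, $Primary), @($ProbeB, $Secondary))) {
    $prefix = "$($pair[0])/32"
    if (-not (Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue)) {
        New-NetRoute -DestinationPrefix $prefix -InterfaceAlias $Nic -NextHop $pair[1] -RouteMetric 1 | Out-Null
    }
}

function Set-PreferredGateway {
    param([string]$Gateway)
    # The lowest-metric default route wins: 10 for the chosen gateway, 20 for the other.
    foreach ($gw in @($Primary, $Secondary)) {
        $metric = if ($gw -eq $Gateway) { 10 } else { 20 }
        Set-NetRoute -DestinationPrefix '0.0.0.0/0' -InterfaceAlias $Nic -NextHop $gw -RouteMetric $metric -Confirm:$false
    }
}

$current = $Primary
Set-PreferredGateway $current
while ($true) {
    $primaryUp   = Test-Connection -ComputerName $ProbeA -Count 3 -Quiet
    $secondaryUp = Test-Connection -ComputerName $ProbeB -Count 3 -Quiet
    # Prefer the frame relay line whenever it answers; fall back to ADSL; if neither
    # answers, keep the current choice rather than flapping between the two.
    $wanted = if ($primaryUp) { $Primary } elseif ($secondaryUp) { $Secondary } else { $current }
    if ($wanted -ne $current) {
        Set-PreferredGateway $wanted
        Write-Output ("{0}  default gateway switched {1} -> {2}" -f (Get-Date -Format s), $current, $wanted)
        $current = $wanted
    }
    Start-Sleep -Seconds 30
}
```

The asymmetric-routing problem discussed above is unchanged: inbound connections still only work through whichever gateway currently holds the lower metric, so this only automates the failover rather than making both lines usable at once.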