Debian – Linux WAN failover simple solution needed


I'm banging my head against the wall to come up with a clever and simple solution to WAN failover. This is for a SOHO installation with two different external IPs. Only outbound connection failover needed.

  • Provider 1: Cable
  • Provider 2: Wireless

The Firewall is a Debian GNU/Linux, so the solution should use Linux and be software-based.

Current Network Situation

I want to be able to not only detect if one of the routers goes down (that's easy with iproute2), but also when their connections go down. Both routers don't have SNMP or some other standards-based RMON.

Is there something like a ping utility where I can specify the default route to use?

That way I could monitor both links optimally with a small script. Or should I go some other route?

Best Answer

This is a little more complex since I'm assuming that your routers can't export their routes in a meaningful way. If you feel like digging into it, remember that when you send a packet locally the IP address is still the far-end host and the MAC address (on Ethernet, anyway) is based on the host's route table and ARP cache.

If you knock your software down a level and use the kernel's packet calls to form your message, you can write that IP packet with the MAC address of your choice. The packet will then use the router of your choice as the first hop. Use that to ping and monitor responses and you'll be able to test connectivity without changing system settings.

Of course, you'll need some elevated permissions in your program to accomplish this.

Otherwise, forced single-address routing table entries suggested by Evan will allow you to stay out of writing things that call on the kernel. For any method where the routers aren't complicit in telling you, you need to be in the DMZ; otherwise you can't choose where your packets go unless you somehow end up with source routing enabled.
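
The raw-frame probe described in this answer, as an added example that is not part of the original post: it builds an ICMP echo request addressed to a far-end IP but framed with the chosen router's MAC, sends it over a Linux `AF_PACKET` socket, and accepts only a reply that returns from that same router. The function names, the payload and the default `ident` value are assumptions; the interface name, the firewall's own MAC and IP, and each router's MAC (for example from `ip neigh show`) must be supplied by the caller.

```python
import socket, struct, time

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an IP header or ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_probe(src_mac, gw_mac, src_ip, dst_ip, ident, seq):
    """Ethernet + IPv4 + ICMP echo request: far-end IP, chosen router's MAC."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"wan-probe!"
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0, 64,
                     socket.IPPROTO_ICMP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return mac(gw_mac) + mac(src_mac) + b"\x08\x00" + ip + icmp

def is_reply(frame, gw_mac, dst_ip, ident, seq):
    """True only for our echo reply that came back via the same router."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
        return False
    icmp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(icmp) < 8:
        return False
    kind, _, _, rid, rseq = struct.unpack("!BBHHH", icmp[:8])
    return (frame[6:12] == mac(gw_mac) and kind == 0 and (rid, rseq) == (ident, seq)
            and frame[26:30] == socket.inet_aton(dst_ip))

def probe(ifname, src_mac, gw_mac, src_ip, dst_ip, ident=0x4242, seq=1, timeout=2.0):
    """One probe through one router; needs root or CAP_NET_RAW (Linux only)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0800)) as s:
        s.bind((ifname, 0))
        s.send(build_probe(src_mac, gw_mac, src_ip, dst_ip, ident, seq))
        deadline = time.monotonic() + timeout
        while (left := deadline - time.monotonic()) > 0:
            s.settimeout(left)
            try:
                frame = s.recv(2048)
            except socket.timeout:
                break
            if is_reply(frame, gw_mac, dst_ip, ident, seq):
                return True
    return False
```

Calling `probe()` once per router with a different `gw_mac` tests each uplink without touching the routing table; probing more than one far-end address per link avoids declaring a link dead because a single target stopped answering.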
