Solved

clarkconnect 4.1 CE & failover

Posted on 2006-11-30
Last Modified: 2012-06-27
Hello,

Before I begin, I'd like to point out that I am a total newbie to Linux. The reason I chose clarkconnect as a gateway/firewall is because it's so easy to use. So please keep this in mind when answering, I would very much appreciate it.

As I said above, I am using Clarkconnect 4.1 community edition to protect my home network and my web server which I host myself.

I have 2 NICs, one green for my LAN and one red for the internet. The red is connected to my modem acting in bridge mode. All works perfectly using PPPOE.

I recently had a few web server crashes (Windows :-)), and being away from home I had no way to recover and re-boot. So I am thinking of implementing some kind of failover where if my web server is down, the packets are forwarded from my Linux firewall to a different IP on port 80. I am using a fixed IP address on the WAN side and configured the firewall to act as a DNS server.

Can someone point me on the right path? Is it possible to have some kind of route on the firewall so that if one internal IP is not available it will forward the packets to a different IP?

Many thanks
0
Question by:mmahdi
LVL 40

Accepted Solution

by:
noci earned 500 total points
ID: 18081482
The simplest thing to do is to run a cron job
that checks every x minutes whether the mail server is pingable and, if not,
changes a NAT entry to a different one.

Skeleton only:
---8<---
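# {IP} = primary server, {IP2} = failover server.
# The flag files record which DNAT rule is active, so rules are not added twice.
# First run: assume the rule for {IP} is already loaded.
[ -f /tmp/on-ip2 ] || touch /tmp/on-ip
if ping -c 1 {IP} >/dev/null 2>&1 ; then
  # Primary answers: switch back if we had failed over.
  if [ -f /tmp/on-ip2 ] ; then
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to {IP}
    iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to {IP2}
    rm /tmp/on-ip2
    touch /tmp/on-ip
  fi
else
  # Primary is down: point port 80 at the failover server.
  if [ -f /tmp/on-ip ] ; then
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to {IP2}
    iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to {IP}
    rm /tmp/on-ip
    touch /tmp/on-ip2
  fi
fi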
---8<---
0
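A fuller form of the cron skeleton above, as an added example that is not part of noci's answer: it keeps its state in a root-only directory instead of `/tmp`, limits the DNAT rule to the WAN interface so outbound browsing from the LAN is not redirected, and waits for several failed probes before switching. The addresses, the `ppp0` interface name, the state directory and the script path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses, interface and paths are assumed values.
PRIMARY=${PRIMARY:-10.0.0.10}     # assumed primary web server ({IP} in the thread)
BACKUP=${BACKUP:-10.0.0.11}       # assumed failover server ({IP2} in the thread)
WAN_IF=${WAN_IF:-ppp0}            # assumed PPPoE interface; DNAT only inbound WAN traffic
STATE_DIR=${STATE_DIR:-/var/run/web-failover}   # root-only, unlike world-writable /tmp
FAIL_LIMIT=${FAIL_LIMIT:-3}       # consecutive failed probes before failing over

probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

dnat() {  # dnat -I|-D <target address>
  iptables -t nat "$1" PREROUTING -i "$WAN_IF" -p tcp --dport 80 \
    -j DNAT --to-destination "$2"
}

switch_to() {  # switch_to <new> <old>: add the new rule first, then drop the old one
  dnat -I "$1" || return 1
  dnat -D "$2" 2>/dev/null || true
  echo "$1" > "$STATE_DIR/active"
}

check_once() {
  mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
  # First run: install the primary rule so the state file and the ruleset agree.
  if [ ! -f "$STATE_DIR/active" ]; then
    dnat -I "$PRIMARY" || return 1
    echo "$PRIMARY" > "$STATE_DIR/active"
  fi
  active=$(cat "$STATE_DIR/active")
  fails=$(cat "$STATE_DIR/fails" 2>/dev/null || echo 0)
  if probe "$PRIMARY"; then
    echo 0 > "$STATE_DIR/fails"
    [ "$active" = "$PRIMARY" ] || switch_to "$PRIMARY" "$BACKUP"
  else
    fails=$((fails + 1))
    echo "$fails" > "$STATE_DIR/fails"
    if [ "$fails" -ge "$FAIL_LIMIT" ] && [ "$active" = "$PRIMARY" ]; then
      switch_to "$BACKUP" "$PRIMARY"
    fi
  fi
}

# Cron entry (hypothetical path): */2 * * * * /usr/local/sbin/web-failover.sh run
if [ "${1:-}" = "run" ]; then check_once; fi
```

If the firewall reloads its ruleset, the inserted rule is lost while the state file remains, so delete `$STATE_DIR/active` whenever the rules are reloaded.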
 
LVL 1

Author Comment

by:mmahdi
ID: 18083182
Thanks Noci,

I will find out how to set up a cron job then will give it a go.
I suppose {IP} refers to the IP of the first mail server that should be represented in a format of 10.0.x.x
and {IP2} represents the failover mail server.
What do on-ip2 & on-ip mean?

Regards
0
 
LVL 40

Expert Comment

by:noci
ID: 18084132
Yep, {IP} are your mailservers.
Those are flag files to prevent addition of MANY MANY rules to the natlist.
And they indicate the live server.
0
 
LVL 1

Author Comment

by:mmahdi
ID: 18091322
Thanks for the response, noci. I will try it then get back to you.
0
