clarkconnect 4.1 CE & failover

Hello,

Before I begin, I'd like to point out that I am a total newbie to Linux. The reason I chose ClarkConnect as a gateway/firewall is because it's so easy to use. So please keep this in mind when answering, I would very much appreciate it.

As I said above, I am using ClarkConnect 4.1 Community Edition to protect my home network and my web server, which I host myself.

I have 2 NICs, one green for my LAN and one red for the internet. The red is connected to my modem acting in bridge mode. All works perfectly using PPPoE.

I recently had a few web server crashes (Windows :-)), and being away from home I had no way to recover and reboot. So I am thinking of implementing some kind of failover where, if my web server is down, the packets are forwarded from my Linux firewall to a different IP on port 80. I am using a fixed IP address on the WAN side and configured the firewall to act as a DNS server.

Can someone point me on the right path? Is it possible to have some kind of route on the firewall so that if one internal IP is not available it will forward the packets to a different IP?

Many thanks
Asked by: mmahdi

noci (Software Engineer) commented:
Simplest thing to do is to run a cron job
that checks every x minutes if the mail server is pingable and, if not,
changes a NAT entry to a different one.

Skeleton only:
---8<---
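# Initial state expected by this skeleton: the DNAT rule to {IP} is
# already installed and the flag file /tmp/on-ip exists.
if ping -c 1 {IP} >/dev/null 2>&1 ; then
  # {IP} answers: if traffic currently goes to {IP2}, switch back.
  if [ -f /tmp/on-ip2 ] ; then
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to {IP}
    iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to {IP2}
    rm /tmp/on-ip2
    touch /tmp/on-ip
  fi
else
  # {IP} is silent: if traffic currently goes to {IP}, fail over to {IP2}.
  if [ -f /tmp/on-ip ] ; then
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to {IP2}
    iptables -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to {IP}
    rm /tmp/on-ip
    touch /tmp/on-ip2
  fi
fi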
---8<---

mmahdi (Author) commented:
Thanks Noci,

I will find out how to set up a cron job, then will give it a go.
I suppose {IP} refers to the IP of the first mail server that should be represented in a format of 10.0.x.x
and {IP2} represents the failover mail server.
What does on-ip2 & on-ip mean?

Regards

noci (Software Engineer) commented:
Yep, {IP} are your mailservers.
Those are flag files to prevent addition of MANY MANY rules to the NAT list.
And they indicate the live server.

mmahdi (Author) commented:
Thanks for the response, noci. I will try it then get back to you.
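
An added example, not part of the thread and not noci's code: the same cron-driven DNAT swap with the two flag files replaced by one state file kept in a root-only directory instead of `/tmp`, a default state so the first run works, and a consecutive-failure threshold so a single lost ping does not flip the rule. The addresses, `STATE_DIR`, `FAIL_LIMIT` and the function names are assumptions; the iptables commands are only printed unless `IPTABLES=iptables` is set.

```shell
#!/bin/sh
# Added example: cron-driven DNAT failover with one state file.
# Addresses, STATE_DIR, FAIL_LIMIT and function names are assumptions.
PRIMARY="${PRIMARY:-10.0.0.10}"   # constructed address of the main server
BACKUP="${BACKUP:-10.0.0.11}"     # constructed address of the standby
STATE_DIR="${STATE_DIR:-/var/run/web-failover}"  # root-only, unlike /tmp
FAIL_LIMIT="${FAIL_LIMIT:-3}"     # consecutive failed checks before switching
IPTABLES="${IPTABLES:-echo iptables}"  # dry run; set IPTABLES=iptables to apply

# Health probe: one ping with a 2 second timeout, as in the answer.
primary_up() { ping -c 1 -W 2 "$PRIMARY" >/dev/null 2>&1; }

# Insert the new DNAT rule before deleting the old one ($1 = new, $2 = old).
switch_to() {
    $IPTABLES -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to "$1"
    $IPTABLES -t nat -D PREROUTING -p tcp --dport 80 -j DNAT --to "$2"
}

# One check result ($1 = up|down). Prints the live target on stdout.
# With no state file yet, the primary is taken as live, so the first run works.
tick() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
    live=$(cat "$STATE_DIR/live" 2>/dev/null || echo "$PRIMARY")
    fails=$(cat "$STATE_DIR/fails" 2>/dev/null || echo 0)
    if [ "$1" = up ]; then
        fails=0
        if [ "$live" != "$PRIMARY" ]; then
            switch_to "$PRIMARY" "$BACKUP" >&2
            live=$PRIMARY
        fi
    else
        fails=$((fails + 1))
        if [ "$fails" -ge "$FAIL_LIMIT" ] && [ "$live" = "$PRIMARY" ]; then
            switch_to "$BACKUP" "$PRIMARY" >&2
            live=$BACKUP
        fi
    fi
    echo "$fails" > "$STATE_DIR/fails"
    echo "$live" > "$STATE_DIR/live"
    echo "$live"
}

# Entry point for cron: probe once, then record the result.
run_check() { if primary_up; then tick up; else tick down; fi; }

# Run only when called with --run, e.g. from root's crontab every minute.
if [ "${1:-}" = "--run" ]; then run_check; fi
```

Keeping the state under a directory only root can write matters because the job runs as root and rewrites firewall rules based on what it finds there.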