Ip failback on dedi
With the command iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
active I get the following.
ip route
dedi.ip.0/24 dev eth0 proto kernel scope link src dedi ip
default via dedi.ip.254 dev eth0 metric 100
arp
Address HWtype HWaddress Flags Mask Iface
dedi.ip.254 ether 00:22:91:08:04:00 C eth0
With clean iptables I get:
arp
Address HWtype HWaddress Flags Mask Iface
dedi.ip.254 ether 00:22:91:08:04:00 C eth0
dedi.ip.1 ether 00:22:91:08:04:00 C eth0
Hmm. Your config is ok, iptables is empty by default and you're receiving pings but can't send responses or outgoing traffic. What do the commands "ip route" and "arp" give?
So I copied and pasted those commands, first cleaning the iptables.
The failover IP will still not ping from my home PC.
Also, I installed Firefox on the server. I was hoping to use a "what's my IP" site, but all traffic is dead; no website will work until I clean the iptables.
Here's the output from iptables -t nat -L while using the commands.
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT tcp -- anywhere anywhere tcp dpt:www to:failover ip
SNAT all -- anywhere anywhere to:failover ip
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Here is my network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address dedi ip
netmask 255.255.255.0
network dedi.ip.0
broadcast dedi.ip.255
gateway dedi.ip.254
auto eth0:0
iface eth0:0 inet static
address failover ip
netmask 255.255.255.255
Use "--to-source". I.e.:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
or for only TCP traffic destined to port 80 (web):
Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp -m tcp --dport 80 -j SNAT --to-source
where
is the desired IP.
If done correctly, it will show up in "iptables -t nat -L".
But before you do that, just clean the iptables out (unless you have recently rebooted) with:
Code:
iptables -F && iptables -t nat -F && iptables -t mangle -F
OK, I tried your commands again and it still does not work. In fact, when I came to log back onto the server via PuTTY, it would not connect on either my dedi IP or the failover IP. Also, if I type apt-get update right after I did the command iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to failover ip, it just hangs till I hit Ctrl+C.
This is the output from
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I can ping the failover ip on my server but not from a remote machine.
I can ping the dedi ip from my home pc without problem.
Thanks for trying to sort my problem btw
Originally Posted by
jacks
20:01:56.861150 IP home pc > failover ip: ICMP echo request, id 1, seq 3, length 40
Looks like your failover IP has been configured correctly and receiving the pings (so properly configured in that respect and not an OVH issue). You haven't shown us if there's an "ICMP echo reply" immediately following it, so if it's blocked, double check the output of "iptables -L" on the server.
I just want to be able to use my failover IP and not have the original server IP in use anymore. Can this be done without having to use a virtual machine?
The main IP needs to remain there, but you can force your server to use the failover IP for outgoing traffic and responses (details how to do so were given in an earlier post). This will work with BBC iPlayer and other geo-restricted sites (Google will also show up with the UK version, for example).
Just note that those instructions given don't survive a reboot. Either manually enter those commands again, or use "iptables-save > /etc/iptables-saved" to save the settings to a file and add "post-up iptables-restore < /etc/iptables-saved" as the last line to your "eth0" stanza in /etc/networking/interfaces
Originally Posted by
jacks
This is what I got after trying your new command.
On my home Windows PC I got this:
Ping statistics for failover ip:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
This is what it said on my OVH Ubuntu Server 9.10 while running tcpdump -ni eth0:0 icmp
20:01:56.861150 IP home pc > failover ip: ICMP echo request, id 1, seq 3, length 40
I just want to be able to use my failover IP and not have the original server IP in use anymore. Can this be done without having to use a virtual machine?
Can you ping your main IP?
This is what I got after trying your new command.
On my home Windows PC I got this:
Ping statistics for failover ip:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
This is what it said on my OVH Ubuntu Server 9.10 while running tcpdump -ni eth0:0 icmp
20:01:56.861150 IP home pc > failover ip: ICMP echo request, id 1, seq 3, length 40
I just want to be able to use my failover IP and not have the original server IP in use anymore. Can this be done without having to use a virtual machine?
Type in:
Code:
tcpdump -ni eth0:0 icmp
and start sending a ping to your failover IP from another computer (i.e., your home computer).
You should be seeing "ICMP echo request" on the server for your failover IP. Every request should have an "ICMP echo reply" - if not, then something is preventing it, i.e. a firewall/iptables filter.
If you don't see any ICMP echo request entries, then the ping never made it to your side. Double check your settings in /etc/network/interfaces (for Ubuntu/Debian based distros). If you are absolutely sure it is correct, then I'd recommend opening a support ticket to have it investigated (could be an issue at the router side).
PS: You can exit the tcpdump application using CTRL+C.
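The request/reply check described above, as an added example that is not part of the original post: a shell function that reads `tcpdump -ni <iface> icmp` output and lists every echo request that never got a matching echo reply. The function names are hypothetical and the sample capture uses constructed documentation addresses.

```shell
#!/bin/sh
# Added example: pair ICMP echo requests with replies in tcpdump -n output.

# Reads tcpdump lines on stdin, prints one line per unanswered echo request.
unanswered_pings() {
    awk '
    $6 == "ICMP" && $7 == "echo" {
        src = $3
        dst = $5;  sub(/:$/, "", dst)
        id  = $10; sub(/,$/, "", id)
        seq = $12; sub(/,$/, "", seq)
        if ($8 == "request,") {
            key = src SUBSEP dst SUBSEP id SUBSEP seq
            if (!(key in pending)) order[++n] = key
            pending[key] = $1 " " src " -> " dst " id=" id " seq=" seq
        } else if ($8 == "reply,") {
            # A reply travels the other way, so swap src/dst to find its request.
            delete pending[dst SUBSEP src SUBSEP id SUBSEP seq]
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (order[i] in pending) print pending[order[i]]
    }'
}

# Constructed sample capture (documentation addresses, not from the thread):
# 198.51.100.10 stands in for the main IP, 198.51.100.20 for the failover IP.
sample_capture() {
    cat <<'EOF'
20:01:56.861150 IP 203.0.113.7 > 198.51.100.20: ICMP echo request, id 1, seq 3, length 40
20:01:57.861150 IP 203.0.113.7 > 198.51.100.10: ICMP echo request, id 1, seq 4, length 40
20:01:57.861201 IP 198.51.100.10 > 203.0.113.7: ICMP echo reply, id 1, seq 4, length 40
EOF
}

# The failover IP request is listed because no reply to it was captured.
sample_capture | unanswered_pings
```

On the server, save the output of the tcpdump command above to a file and run `unanswered_pings < file`; a listed request means the ping reached the interface but no reply was seen leaving it.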
The above commands did not work; I still cannot ping my failover IP from my home PC.
Here's my ifconfig, if anyone can see what's going wrong.
eth0 Link encap:Ethernet HWaddr 00:27:0e:11:7a:4d
inet addr:dedi ip Bcast:dedi ip.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14481480 errors:0 dropped:0 overruns:0 frame:0
TX packets:11862960 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19172582339 (19.1 GB) TX bytes:8127152999 (8.1 GB)
Interrupt:27 Base address:0x6000
eth0:0 Link encap:Ethernet HWaddr 00:27:0e:11:7a:4d
inet addr:failover ip Bcast:94.255.255.255 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:27 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:25982 errors:0 dropped:0 overruns:0 frame:0
TX packets:25982 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4414266 (4.4 MB) TX bytes:4414266 (4.4 MB)
Thanks for the replies, I'll give it a go.
Courtesy of Myatu:
To make all outgoing connections come from your failover IP (NB: you won't be able to access your FTP backup with this):
Code:
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to FA.IL.OV.ER
For outgoing web traffic only:
Code:
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 80 -j SNAT --to FA.IL.OV.ER
MicroChip123
18-05-2010, 13:48
Originally Posted by
Kitty
If the BBC iPlayer IP address is 1.2.3.4 and the outgoing IP address you want to use is 5.6.7.8 then this should work
Code:
iptables -t nat -A POSTROUTING -d 1.2.3.4 -j SNAT --to-source 5.6.7.8
That may not work as they use another server for the video files.
Originally Posted by
Marks
It should work. Check the configuration and/or send us an email.
To use a failover IP from UK on a VPS and use this server to access BBC player sounds to me like a very good solution. Otherwise, you have the problem of getting the server to use the UK IP for the outgoing connection. I've seen customers that used the iptables to change the outgoing IP.
Out of curiosity, is there a way to do this under Windows without using a VPS?
Originally Posted by
Marks
Otherwise, you have the problem of getting the server to use the UK IP for the outgoing connection. I've seen customers that used the iptables to change the outgoing IP.
If the BBC iPlayer IP address is 1.2.3.4 and the outgoing IP address you want to use is 5.6.7.8 then this should work
Code:
iptables -t nat -A POSTROUTING -d 1.2.3.4 -j SNAT --to-source 5.6.7.8
After following ovh ip failover guide i went to ping the new ip address and got 100% los
It should work. Check the configuration and/or send us an email.
To use a failover IP from UK on a VPS and use this server to access BBC player sounds to me like a very good solution. Otherwise, you have the problem of getting the server to use the UK IP for the outgoing connection. I've seen customers that used the iptables to change the outgoing IP.
I tried to install my IP failover on my Ubuntu 9.10 server so I could use this IP to watch BBC iPlayer through OpenVPN.
After following the OVH IP failover guide I went to ping the new IP address and got 100% loss. I installed CentOS server and followed the guide; the same thing happened.
So I installed Proxmox and made a KVM Ubuntu server using my failover IP, and it worked first time. But I don't want to use Proxmox.
Can anyone please give me a step-by-step guide on how to set up the failover IP on an Ubuntu/Debian server without having a VM running?
Thanks.