# This is the configuration file to use a dual WAN setup under Gentoo.
#
# This was a HOWTO on multi-homed boxes that I found
# http://www.linuxjournal.com/article/7291
# And adapted/updated for writing this config.
#
# Author: Robin H. Johnson
#
# Interfaces:
# -----------
# eth0 -> LAN link
# eth1 -> WAN link #1 (Shaw Cable)
# eth2 -> WAN link #2 (Primus)
#
# If implemented as a standalone script, you could probably script some more of
# the hardcoded addresses here, but that's not possible in the Gentoo network
# init system presently.
#
# Contents of /etc/iproute2/rt_tables
# 255 local
# 254 main
# 253 default
# 0 unspec
# 1 shaw
# 2 primus
# 3 localnet
#
# The table names used in the rules_*/routes_* arrays below (shaw, primus,
# localnet) must exist in rt_tables or every 'ip rule'/'ip route' call
# that references them fails.

# General settings
# Only the iproute2 module is loaded; peer_* are all "no" so neither DHCP
# lease is allowed to overwrite the box's DNS/NIS/NTP settings.
modules=( "iproute2" )
peer_dns="no"
peer_nis="no"
peer_ntp="no"

# LAN link
ipaddr_eth0=( "192.168.1.1/24 broadcast 192.168.1.255" )
#"192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1 table localnet"

# These are the two WAN addresses of the box used in the from statement.
# Traffic from either of them to the LAN gets priority 100, and matches the
# localnet table.
#
# NOTE(review): both WAN links below are configured via DHCP, yet these two
# addresses (and the matching 'from' rules in rules_eth1/rules_eth2) are
# hardcoded.  If either ISP hands out a different lease these rules silently
# stop matching -- verify against the current leases.
rules_eth0=(
    "from 24.80.102.112/32 to 192.168.1.0/24 table localnet priority 100"
    "from 216.113.223.51/32 to 192.168.1.0/24 table localnet priority 100"
)
routes_eth0=(
    "from all to 192.168.1.0/24 table localnet"
)

# WAN link #1 (Shaw Cable)
ipaddr_eth1=( "dhcp" )
# -G is important, we need to manually get the gateway
# (the gateway is instead set explicitly in routes_eth1, in table shaw).
dhcpcd_eth1="-t 10 -o -N -R -Y -G"
dhcp_eth1="nodns nontp nonis"

# WAN link #2 (Primus DSL)
ipaddr_eth2=( "dhcp" )
# -G is important, we need to manually get the gateway
# (the gateway is instead set explicitly in routes_eth2, in table primus).
dhcpcd_eth2="-t 10 -o -N -R -Y -G"
dhcp_eth2="nodns nontp nonis"

# Now the fun stuff. All of these netblocks belong to the
# ISP of WAN link #1.
# In general, they are not reachable from the other ISP,
# because they are stuff like internal DNS and email
# servers.
# The from rule at the start says any traffic from a server
# that has bound to that external IP should go out of the
# interface.
# The 'from all' rule on the end is for failover.
#
# NOTE(review): a lower 'priority' number is consulted first, so the Primus
# catch-all (40000 in rules_eth2) precedes the Shaw catch-all (41000 here).
# All traffic not matched by a more specific rule therefore leaves via Primus,
# and only reaches Shaw once the Primus rule is gone.  In this file that rule
# is removed only by predown, i.e. when eth2 is taken down by the init
# script; a dead upstream with the link still up is not detected here --
# confirm that is the intended failover behaviour.
#
# blocks from 'whois SHAW-COMM'
#24.64.0.0/13 24.76.0.0/14 24.80.0.0/13 24.108.0.0/15 24.244.0.0/18 64.59.128.0/18 68.144.0.0/13 70.64.0.0/14 70.68.0.0/15 70.70.0.0/16 70.71.0.0/18 70.71.64.0/19 70.71.96.0/20 204.209.208.0/21
rules_eth1=(
    "from 24.80.102.112/32 table shaw priority 500"
    "to 24.64.0.0/13 table shaw priority 550"
    "to 24.76.0.0/14 table shaw priority 550"
    "to 24.80.0.0/13 table shaw priority 550"
    "to 24.108.0.0/15 table shaw priority 550"
    "to 24.244.0.0/18 table shaw priority 550"
    "to 64.59.128.0/18 table shaw priority 550"
    "to 68.144.0.0/13 table shaw priority 550"
    "to 70.64.0.0/14 table shaw priority 550"
    "to 70.68.0.0/15 table shaw priority 550"
    "to 70.70.0.0/16 table shaw priority 550"
    "to 70.71.0.0/18 table shaw priority 550"
    "to 70.71.64.0/19 table shaw priority 550"
    "to 70.71.96.0/20 table shaw priority 550"
    "from all table shaw priority 41000" # needed for primus failure
)

# The 24.80.100.0/22 netblock is directly connected (this is
# what DHCP handed out).
# We specify the gateway for this interface with the 'table
# shaw' suffix.
routes_eth1=(
    "24.80.100.0/22 dev eth1 table shaw scope link" # non-gw stuff
    "default via 24.80.100.1 table shaw"
)

# As for eth1, we repeat for the second WAN link.
# blocks for Uniserve/Primus
# PRIMUS-DSL-BLK1 PRIMUS-DSL-BLK2 PRIMUS-DSL-BLK3 NET-216-113-192-0-1
#
# 216.210.109.64/26 216.210.109.128/25 216.113.223.0/24 216.113.192.0/19
# (216.113.223.0/24 lies inside 216.113.192.0/19; the extra rule is
# harmless but redundant.)
rules_eth2=(
    "from 216.113.223.51/32 table primus priority 600"
    "to 216.210.109.64/26 table primus priority 650"
    "to 216.210.109.128/25 table primus priority 650"
    "to 216.113.223.0/24 table primus priority 650"
    "to 216.113.192.0/19 table primus priority 650"
    "from all table primus priority 40000" # send all other traffic via this
)
routes_eth2=(
    "216.113.223.0/24 dev eth2 table primus scope link" # non-gw stuff
    "default via 216.113.223.1 table primus"
)

# Now some fun functionality.
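# This flushes the Linux route cache
# It is important on failover to do this
# otherwise traffic might try an old route for a while.
#
# Operates on ${IFACE}, the interface the init script is currently bringing
# up or down.  Returns the exit status of 'ip route flush'.
flush_route_cache() {
    local ret=0
    ebegin "Flushing route cache for ${IFACE}"
    ip route flush cache dev "${IFACE}"
    ret=$?
    eend ${ret}
    return ${ret}
}

# This will take a rules array, and process it.
#
# $1 is the 'ip rule' subcommand to run ("add" or "del").  The rules come
# from the rules_${IFACE} array defined above; each entry is deliberately
# left unquoted when executed so that it splits into separate ip(8)
# arguments.  Failures are reported through eend but do not stop the loop.
ip_rule_runner() {
    local subcmd="$1"
    local cmd ln
    # Start from an empty list so that an interface without a rules_* array
    # runs nothing, instead of re-using whatever a previous call left in a
    # global 'rules' variable.
    local rules=()

    case "${IFACE}" in
        eth2) rules=( "${rules_eth2[@]}" ) ;;
        eth1) rules=( "${rules_eth1[@]}" ) ;;
        eth0) rules=( "${rules_eth0[@]}" ) ;;
        *)    rules=() ;;
    esac

    cmd="ip rule ${subcmd}"
    # Iterate over the array's own indices rather than seq(1), which also
    # avoids the external command and the explicit "${#rules[@]} - 1" bound.
    for ln in "${!rules[@]}"; do
        ebegin " ${cmd} ${rules[$ln]}"
        ${cmd} ${rules[$ln]}
        eend $?
    done
}

# Run after the interface is up: install this interface's policy rules, then
# drop the stale route cache so the new rules take effect immediately.
# NOTE: 'ip rule add' does not de-duplicate, so bringing the interface up
# again without predown having run may leave duplicate rules behind.
postup() {
    einfo "Adding rules"
    ip_rule_runner add
    flush_route_cache
}

# Run before the interface goes down: remove this interface's rules (so the
# other link's lower-precedence 'from all' rule catches the traffic), then
# flush the cache.
predown() {
    einfo "Removing rules"
    ip_rule_runner del
    flush_route_cache
}

# vim: set filetype=gentoo-conf-d: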