On Tue, 2004-09-21 at 05:11, Daniel Bartlett wrote:
> Hi,
>
> >
> > That's the simple part. The more interesting part is detecting the "dead"
> > gateway, for some definition of "dead". In the typical external ADSL
> > or cable modem configuration, there can be a failure of communication
> > between the Linux firewall and the ADSL/cable router, between the
> > ADSL/cable router and the ISP, and between the ISP and the wider Internet
> > (usually due to routing screwups, etc., at the ISP). So detecting whether
> > the local gateway (i.e., the ADSL/cable router) is alive is of only
> > marginal utility; one usually wants to detect reachability of the wider
> > Internet, via pinging highly-available sites, or an equivalent method.
> >
> > Then there is the issue of DNS resolution. For many clients, if the ISP's
> > DNS servers are not working, the route to the internet is again of marginal
> > utility. One can configure DNS to use the nameservers of both ISPs, though
> > that doesn't help with certain Byzantine failures (that seem to occur in
> > real life), where one ISP's nameserver returns nonsense. For this and
> > other reasons, it is generally desirable to give priority to the DNS server
> > of the ISP that you are routing through, and a more active approach to
> > DNS server monitoring is often used.
>
> For the DNS issue, I was thinking of setting up a caching DNS server that
> had its configs updated on the connection failing, i.e. for the ISP
> nameservers.
>
> > snip

Convoluted, but ---
You could set up a rule, say in INPUT, FORWARD, etc., to look for an ICMP
error and send that to syslog or some such, which could trigger a script to
change your ISP.

-- 
jludwig <wralphie@xxxxxxxxxxx>
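
One way the syslog-triggered approach suggested in the reply could look, as an added example that is not part of the original thread: a parser for netfilter LOG lines that flags an uplink only after repeated ICMP net/host-unreachable errors within a short window. The log prefix, interface names, threshold and window are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed logging rule (not from the thread), repeated per chain of interest:
#   iptables -A INPUT -p icmp --icmp-type destination-unreachable -j LOG --log-prefix "ICMP-ERR: "
PREFIX = "ICMP-ERR: "
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
# The first TYPE/CODE pair is the ICMP error itself; the bracketed part is the quoted packet.
FIELDS = re.compile(r"IN=(\S*) .*?PROTO=ICMP TYPE=(\d+) CODE=(\d+)")
ROUTING_CODES = {0, 1}  # net unreachable, host unreachable

def parse_icmp_error(line, year=2004):
    """Return (time, in_iface, code) for a logged routing failure, else None."""
    stamp, fields = STAMP.match(line), FIELDS.search(line)
    if PREFIX not in line or not stamp or not fields:
        return None
    iface = fields.group(1)
    icmp_type, code = int(fields.group(2)), int(fields.group(3))
    if icmp_type != 3 or code not in ROUTING_CODES or not iface:
        return None  # e.g. port unreachable says nothing about the uplink
    when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
    return when, iface, code

def links_to_fail_over(lines, threshold=3, window=60):
    """Interfaces that logged >= threshold routing errors within window seconds."""
    recent, failed = defaultdict(deque), set()
    for line in lines:
        hit = parse_icmp_error(line)
        if hit:
            when, iface, _ = hit
            q = recent[iface]
            q.append(when)
            while (when - q[0]).total_seconds() > window:
                q.popleft()  # drop errors older than the window
            if len(q) >= threshold:
                failed.add(iface)
    return failed

def _line(t, iface, code):
    return (f"Sep 21 {t} fw kernel: ICMP-ERR: IN={iface} OUT= SRC=192.0.2.1 "
            f"DST=192.0.2.10 PROTO=ICMP TYPE=3 CODE={code} "
            "[SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40000 DPT=80 ]")

# Constructed sample log lines (not captured from a real system).
SAMPLE = [_line(*e) for e in (
    ("05:20:01", "eth1", 1), ("05:20:05", "eth2", 1), ("05:20:06", "eth2", 3),
    ("05:20:07", "eth2", 3), ("05:20:20", "eth1", 1), ("05:20:45", "eth1", 1),
    ("05:25:00", "eth2", 0), ("05:30:00", "eth2", 1),
)]
```

Requiring several errors inside the window keeps one stray ICMP message from flipping the default route; the returned interface set is what a route-switching script would act on.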