Hack 45 Survive Catastrophic Internet Loss



Set up your network to recover from a full Internet loss.

Someday this all-too-common event may happen: while you're away from your network, your connection dies. Whether the ISP drops it, the cable gets unplugged, or the server behind your NAT box dies, it is gone. You are now lost at sea, not knowing what is actually going on back at home. You ping, telnet, and pray to the network gods, but nothing seems to work.

Wouldn't it be better if your network could recognize that it has lost that connection and find a way for you to get back in touch? The system that I set up did just that. All it took was a well-configured OpenBSD firewall with NAT and a short Ruby program that uses the Jabber protocol to get my attention.

5.5.1 Hardware Configuration

I use OpenBSD on a 486 to make my network resistant to total connectivity failure. The computer has two network cards, one for the DSL bridge and the other for the rest of the network. In addition, I managed to find a 56k ISA modem.

Since this computer provides little more than firewall and NAT services, it's more than capable of serving a small home or business network. The DSL bridge provides the primary Internet connection with a static IP. The service through my provider is usually quite good, but there have been troubled times. The house has only one phone line, which is plugged into the 56k modem in the same computer as the DSL line. You could easily make the modem computer a different machine entirely, but I found that this 486 is quite compact and sufficient for my purposes.

5.5.2 Connectivity Software

The current OpenBSD operating system (Version 3.4 as of this writing) comes with a wonderful firewall and NAT package, named Packet Filter (PF). PF works well on a day-to-day basis moving my packets from the network to the Internet. Unfortunately, it does not handle the loss of the connection to the ISP. A full discussion of configuring PF is beyond the scope of this hack, but you can find what you need in the OpenBSD PF FAQ at http://www.openbsd.org/faq/pf/index.html.

When the unthinkable happens and your network falls off the Internet, you may fall back to your trusty 56k modem. The idea is that the modem will dial out automatically once your main connection goes away. First, though, you need some way to detect that your connection is lost. I use a slow ping to the router on the other end of my DSL connection.

I run this heartbeat from cron instead of using a daemon process. It sends three pings at two-second intervals every 10 minutes, a very conservative test, especially if you are only sending to your local gateway. Here is the cron entry:

*/10 * * * * /usr/local/testconnect/testconnect.sh

The testconnect.sh script resembles this:

#!/bin/sh

# First gather data about your connection
# (three pings, two seconds apart)
PINGS=`ping -c 3 -i 2 [your gateway] | wc -l`

# Apply test and execute on result
if [ -f /tmp/lostconnection.lock ]
then
  echo "Lockfile in place"
else
  echo "No lockfile"
  if [ "$PINGS" -lt 8 ]
  then
    echo "Connection lost, commencing dialup"
    touch /tmp/lostconnection.lock
    pfctl -d
    ppp -nat internet
    ruby /usr/local/testconnect/send_new_ip.rb
  else
    echo "All is well"
  fi
fi

If the gateway is unavailable, the pings will time out and ping will print a shorter result. By counting the number of lines of output (with wc -l) and applying a length test (if [ $PINGS -lt 8 ]), the script can tell if the pings failed. In the case of failure, the script goes through the steps to give you connectivity through alternative means, and to stop itself from repeating them every 10 minutes if things go really wrong.

First, it creates a lockfile to ensure future runs of this script do not dial out over and over again. Second, it shuts down the current NAT setup by disabling PF (pfctl -d) to make way for the next step. Disabling PF turns off its packet filtering as well as its NAT, so the firewall rules are not in force while the dial-up link is in use. Third, it fires up the modem and connects to my emergency ISP using a preconfigured ppp.conf profile called internet. Here, I enabled NAT (-nat) over PPP so that computers at my house will only notice that the service is slow. The Internet connection will still function in the same way. Finally, I run a script to alert me to the failure.
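A more defensive take on the detection and lockfile steps described above, as an added example rather than the book's script: it parses ping's summary line instead of counting output lines, and takes the lock atomically with mkdir outside world-writable /tmp. LOCKDIR, the function names and the sample ping output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the book's script. LOCKDIR and the sample ping
# output below are constructed assumptions.
LOCKDIR="${LOCKDIR:-/var/run/lostconnection.lock}"

# Read ping output on stdin; print the "packets received" count from the
# summary line, or 0 if ping never printed one.
received_count() {
    awk '/packets transmitted/ { print $4; seen = 1 }
         END { if (!seen) print 0 }'
}

# usage: ping ... | link_is_up MIN   (true if at least MIN replies arrived)
link_is_up() {
    [ "$(received_count)" -ge "$1" ]
}

# mkdir creates the lock or fails in one atomic step, and it fails on an
# existing file or symlink instead of following it the way touch does.
acquire_lock() {
    ( umask 077 && mkdir "$LOCKDIR" ) 2>/dev/null
}

# usage: check_and_failover GATEWAY   (same actions as the book's script)
check_and_failover() {
    if ping -c 3 -i 2 "$1" 2>/dev/null | link_is_up 3; then
        echo "All is well"
    elif acquire_lock; then
        echo "Connection lost, commencing dialup"
        pfctl -d
        ppp -nat internet
        ruby /usr/local/testconnect/send_new_ip.rb
    else
        echo "Lock in place"
    fi
}

# Constructed sample: the gateway answered one of three pings.
SAMPLE_PARTIAL='PING 192.0.2.1 (192.0.2.1): 56 data bytes
64 bytes from 192.0.2.1: icmp_seq=0 ttl=255 time=1.3 ms

--- 192.0.2.1 ping statistics ---
3 packets transmitted, 1 packets received, 66.7% packet loss
round-trip min/avg/max/std-dev = 1.3/1.3/1.3/0.0 ms'

# With a gateway argument (e.g. from cron) run for real;
# otherwise just parse the constructed sample.
if [ $# -gt 0 ]; then check_and_failover "$1"
else printf '%s\n' "$SAMPLE_PARTIAL" | received_count; fi
```

The threshold passed to link_is_up is the policy knob: 3 matches the original script's behaviour of dialing out when any of the three pings is lost, while 1 dials only when the gateway is completely silent.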

You may have noticed one flaw in this setup. Most cheap ISP services do not give you the same IP address each time you dial into them. How do you know how to contact your reconnected gateway from the outside? Easy: have the computer tell you.

5.5.3 Jabber and Ruby to the Rescue!

There are many ways a computer can contact you with its current status. I decided to use Jabber because I spend a fair amount of time with a Jabber session running. This script will notify me quickly if something untoward happens to my connection at home, such as an incident involving the vacuum cleaner.

I figured that a message from my computer with the current network configuration would provide enough information to allow me to log in remotely. The most important information is the current IP address of the backup PPP connection. I decided to create a Ruby script using the Jabber4r module to accomplish this:

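require 'jabber4r/jabber4r'

# Capture the time and the state of the PPP tunnel interface
now    = `date`.chomp
ipdata = `/sbin/ifconfig tun0`

# Log in and send the status message
session = Jabber::Session.bind_digest("user@jabberserver/modem", "secret")
session.new_chat_message("user@jabberserver").
  set_body("I had to dial up for internet access at #{now}.\n#{ipdata}\n").
  send

# Give the message time to go out before disconnecting
sleep 5
session.close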

The Ruby script grabs the current time and state of the tun0 interface, which contains the current IP address assigned by the dial-up ISP. Armed with that IP address, you can then ssh into your computer and begin to diagnose the situation.

The Jabber4r module lives at http://jabber4r.rubyforge.org/. You will also need the REXML module from http://www.germane-software.com/software/rexml/. Both of these installed without issue on top of the Ruby package that shipped with OpenBSD 3.4.

5.5.4 The Last Piece

After your connection has been restored, you need to clean up. You will need to stop ppp, start PF again (hopefully with pfctl), and remove the lockfile that prevents the testconnect.sh script from dialing out over and over. After that, you should be back to normal, at least until the next mishap.

5.5.5 See Also

  • The Jabber web site (http://www.jabber.org/)

  • The Ruby web site (http://www.ruby-lang.org/en/)



BSD Hacks
ISBN: 0596006799
EAN: 2147483647
Year: 2006
Pages: 160
Authors: Lavigne
