Enable packet forwarding on both devices
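# With `sudo echo 1 > file` only echo runs as root; the redirection is opened
# by the calling, unprivileged shell and is refused. Write through `sudo tee`.
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward > /dev/null
# The /proc value only lasts until reboot, so persist it in sysctl.conf too.
sudo nano /etc/sysctl.conf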
Uncomment net.ipv4.ip_forward
net.ipv4.ip_forward=1
# Load /etc/sysctl.conf now so the persisted setting applies without a reboot.
sudo sysctl -p
Masquerade traffic
# Source-NAT every packet that leaves through interface "wan", whatever its source address.
# Rules added with iptables live only in the running kernel; save them with your
# distribution's mechanism if they must survive a reboot.
sudo iptables -t nat -I POSTROUTING -o wan -j MASQUERADE
More secure way to Masquerade traffic
# -s limits masquerading to packets sourced from the LAN subnet 192.168.1.0/24.
# Use this rule instead of the unrestricted one, not in addition to it: if the
# unrestricted rule is already loaded it still matches all other traffic, so delete
# it first (same rule specification with -D in place of -I).
sudo iptables -t nat -I POSTROUTING -o wan -s 192.168.1.0/24 -j MASQUERADE
Install keepalived
# Install the keepalived package on each of the two routers.
sudo apt-get install keepalived
Create the configuration file as follows
# This file will contain auth_pass; keep it owned by root and not readable by other users.
sudo nano /etc/keepalived/keepalived.conf
On MASTER router
# Health check: keepalived runs the script below at the given interval and
# reads its exit status as the result.
vrrp_script chk_Kim_script {
# keepalived executes this file itself, so it should be writable by root only.
script "/etc/keepalived/testping.sh"
# return 0 = OK
# return 1 = fail
interval 4 # check every 4 seconds
fall 2 # require 2 failures for KO
rise 10 # require 10 success for OK
}
# VRRP instance for the MASTER router: advertises on eth0 and holds the
# virtual address 192.168.1.251 while it is the active router.
vrrp_instance Router245 {
interface eth0
state MASTER # Put both BACKUP to prevent kicking, flapping
# Must match the virtual_router_id in the peer's configuration.
virtual_router_id 245
# NOTE(review): the BACKUP configuration on this page also uses priority 100,
# so the election falls to VRRP's tie-break - confirm that is intended.
priority 100
authentication {
auth_type PASS
# Example value only. PASS authentication is carried unencrypted in the VRRP
# advertisements and keepalived uses only the first 8 characters, so choose a
# unique value and do not rely on it against a host on the same segment.
auth_pass monkey
}
virtual_ipaddress {
192.168.1.251
}
# Links the instance to the chk_Kim_script health check.
# NOTE(review): with no weight set, a failing check is expected to put the
# instance into FAULT so the peer takes over - confirm for your version.
track_script {
chk_Kim_script
}
}
On BACKUP router
# Health check: keepalived runs the script below at the given interval and
# reads its exit status as the result.
vrrp_script chk_Kim_script {
# keepalived executes this file itself, so it should be writable by root only.
script "/etc/keepalived/testping.sh"
# return 0 = OK
# return 1 = fail
interval 4 # check every 4 seconds
fall 2 # require 2 failures for KO
rise 10 # require 10 success for OK
}
# VRRP instance for the BACKUP router: same instance name, virtual_router_id,
# password and virtual address as the MASTER configuration.
vrrp_instance Router245 {
interface eth0
state BACKUP
# Must match the virtual_router_id in the peer's configuration.
virtual_router_id 245
# NOTE(review): same priority as the MASTER configuration on this page, so the
# election falls to VRRP's tie-break - confirm that is intended.
priority 100
authentication {
auth_type PASS
# Example value only. PASS authentication is carried unencrypted in the VRRP
# advertisements and keepalived uses only the first 8 characters, so choose a
# unique value and do not rely on it against a host on the same segment.
auth_pass monkey
}
virtual_ipaddress {
192.168.1.251
}
# Links the instance to the chk_Kim_script health check.
# NOTE(review): with no weight set, a failing check is expected to put the
# instance into FAULT so the peer takes over - confirm for your version.
track_script {
chk_Kim_script
}
}
VRRP_script for ping test 8.8.8.8 on both routers
# Create the check script at the path that vrrp_script points to.
sudo nano /etc/keepalived/testping.sh
#!/bin/sh
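# Health check for keepalived: report whether 8.8.8.8 answers ICMP echo.
# Outputs: nothing on stdout (ping's output is discarded).
# Returns: 0 when ping succeeds, 1 on any ping failure.
testping() {
  # -W 1 caps the wait for each reply, so an unreachable target cannot keep
  # the check running past the 4-second vrrp_script interval.
  if ping -c 2 -W 1 8.8.8.8 > /dev/null; then
    return 0
  fi
  return 1
}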
# Run the check; as the last command, its status becomes the script's exit code.
testping
Finally make it executable
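# keepalived executes this script itself (normally as root), so it must not be
# writable by other users: mode 777 lets any local account change what gets run.
# 755 keeps it executable and leaves write access with the owner only.
sudo chmod 755 /etc/keepalived/testping.sh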
Start keepalived service
# Start the daemon on each router once its keepalived.conf and check script are in place.
sudo service keepalived start
Test your MASTER & BACKUP router
# Follow syslog on each router while testing; keepalived reports its VRRP state changes there.
tail -f /var/log/syslog