hi,

i'm having problems with a setup i made for a client with two DSL
connections (from the same provider).

                            +-----> link1   
LAN----- linux box  --|             |----------internet
                            +-----> link2
 the setup is ok in terms of the failover requirement: the other link
takes over when one is down. however, there is a very noticeable lag
when both lines are up. i've tried changing the weight value to a
higher one, but the links are still underutilized. and when i unplug one of
the two links, the active outside connection quickly gets most of the
load (the lines are not properly balanced).
any suggestions? do i need to patch the kernel?
below is the script i'm using.

thanks.
erik



<start of script>
#!/bin/sh
# --- Configuration ---------------------------------------------------
# Path of the iptables binary that every rule below is issued through.
IPTABLES='/sbin/iptables'

# LAN side: interface, this box's address on it, prefix length, network.
NET_INT_INT='eth1'
NET_INT_IP='192.168.0.101'
NET_INT_SUB='/24'
NET_INT_NET='192.168.0.0'

# Uplink 1: interface, local address, next-hop gateway.
NET_EXT_INT1='eth0'
NET_EXT_IP1='192.168.1.7'
NET_EXT_GW1='192.168.1.1'

# Uplink 2: interface, local address, next-hop gateway.
# NOTE(review): both uplinks carry 192.168.1.x addresses and name the same
# gateway address (192.168.1.1), so they appear to sit on one IP network.
# Confirm this is intended; replies and ARP may then not be tied to the
# interface a packet left on.
NET_EXT_INT2='eth2'
NET_EXT_IP2='192.168.1.3'
NET_EXT_GW2='192.168.1.1'
echo "Flushing All Tables"
# Empty every chain in the filter, nat and mangle tables, then delete the
# user-defined chains in each of them.
# Flushing and deleting chains does not touch the policy of the built-in
# chains, and this script sets none, so whatever INPUT/FORWARD/OUTPUT policy
# is already loaded stays in force.
for table in filter nat mangle; do
  $IPTABLES -t "$table" -F
done
for table in nat mangle filter; do
  $IPTABLES -t "$table" -X
done

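# Mangle chains: each one stamps the packet with the firewall mark that the
# policy-routing rules map to one uplink (mark 1 -> eth0, mark 2 -> eth2).
$IPTABLES -t mangle -N ETH0
$IPTABLES -t mangle -F ETH0
$IPTABLES -t mangle -A ETH0 -j MARK --set-mark 1

$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2

# NAT chains: rewrite the source address to the address of the uplink the
# packet leaves on.
# The flush lines must end at the chain name. A stray double quote after
# SPOOF_ETH0 would swallow the following lines into one argument, so the
# SNAT rule for eth0 and the creation of SPOOF_ETH2 would never run.
$IPTABLES -t nat -N SPOOF_ETH0
$IPTABLES -t nat -F SPOOF_ETH0
$IPTABLES -t nat -A SPOOF_ETH0 -j SNAT --to "${NET_EXT_IP1}"

$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to "${NET_EXT_IP2}"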

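echo "Setting some local network rules..."
# Accept ICMP sent from the LAN to this box's LAN address. The prefix length
# comes from NET_INT_SUB instead of a second hard-coded /24, so the rule
# follows the configured subnet.
# NOTE(review): this is the only filter-table rule in the script. If the
# INPUT policy is ACCEPT it changes nothing, and there are no FORWARD rules
# at all - confirm that filtering is done elsewhere.
$IPTABLES -A INPUT -p icmp -s "${NET_INT_NET}${NET_INT_SUB}" -d "${NET_INT_IP}" -j ACCEPT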

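# Random split of traffic between the two uplinks, using firewall marks and
# one routing table per uplink.
#
# Each PREROUTING rule is written as one command with a continuation. If the
# line is wrapped without it, "--average 50 -j ..." runs as a separate
# (failing) command and the rule is added with no target.
#
# NOTE(review): the "random" match is evaluated for every packet, and the
# ETH2 rules are tested after the ETH0 rules. As written, about half of the
# packets end up with mark 2, about a quarter keep mark 1 and about a
# quarter get no mark and fall through to the main routing table. Packets of
# one connection can therefore be marked differently and leave on different
# uplinks, which would fit the lag described - verify. Choosing the mark
# once per connection and restoring it for later packets (CONNMARK) avoids
# this, if the kernel in use provides it.
#
# NOTE(review): "ip ro add" / "ip ru add" are not idempotent. Nothing in this
# script removes the earlier entries, so a second run presumably fails on
# the routes and stacks duplicate fwmark rules.

echo "Setting Mangle rules for eth0..."
# Locally generated traffic that does not leave via the LAN interface.
$IPTABLES -t mangle -A OUTPUT -o ! "${NET_INT_INT}" -m random --average 50 -j ETH0
# Traffic arriving from the LAN.
$IPTABLES -t mangle -A PREROUTING -i "${NET_INT_INT}" -m random \
  --average 50 -j ETH0
# Table 10: default route through uplink 1, selected by fwmark 1.
ip ro add table 10 default via "${NET_EXT_GW1}" dev "${NET_EXT_INT1}"
ip ru add fwmark 1 table 10
# Flush the routing cache so the new rule takes effect immediately.
ip ro fl ca

echo "Setting Mangle rules for eth2..."
$IPTABLES -t mangle -A OUTPUT -o ! "${NET_INT_INT}" -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i "${NET_INT_INT}" -m random \
  --average 50 -j ETH2
# Table 20: default route through uplink 2, selected by fwmark 2.
ip ro add table 20 default via "${NET_EXT_GW2}" dev "${NET_EXT_INT2}"
ip ru add fwmark 2 table 20
ip ro fl ca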

echo "Setting up spoofing rules..."
# Hand every packet leaving an uplink to that uplink's SNAT chain, so its
# source address becomes the address configured for that interface.
$IPTABLES --table nat --append POSTROUTING --out-interface "${NET_EXT_INT1}" --jump SPOOF_ETH0
$IPTABLES --table nat --append POSTROUTING --out-interface "${NET_EXT_INT2}" --jump SPOOF_ETH2

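echo "Adding default route..."
# Multipath default route in the main table, with one nexthop per uplink at
# equal weight. This is what unmarked traffic uses.
# The nexthop list has to be part of the same "ip" invocation. Without the
# continuations, "weight 1 nexthop ..." runs as its own command and the
# route is added with an incomplete first nexthop and no second one.
ip ro add default \
  nexthop via "${NET_EXT_GW1}" dev "${NET_EXT_INT1}" weight 1 \
  nexthop via "${NET_EXT_GW2}" dev "${NET_EXT_INT2}" weight 1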

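echo "Disabling Reverse Path Filtering..."
# The space before ">" matters: "echo 0> file" redirects file descriptor 0
# to the file and writes nothing, so the setting would stay unchanged.
# Interface names come from the configuration variables rather than being
# repeated as literals.
# NOTE(review): rp_filter is the kernel's source-address check on incoming
# packets, and turning it off on both uplinks removes that check there.
# Where the kernel supports it, loose mode (value 2) is a less permissive
# option for multi-homed hosts. On such kernels the effective value is the
# higher of conf/all and the per-interface setting - check conf/all too.
echo 0 > "/proc/sys/net/ipv4/conf/${NET_EXT_INT1}/rp_filter"
echo 0 > "/proc/sys/net/ipv4/conf/${NET_EXT_INT2}/rp_filter"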

echo "Enabling IPv4 Packet forwarding..."
# Turn the box into a router by writing 1 to the global forwarding switch.
# NOTE(review): the script adds no FORWARD rules, so what may be forwarded
# depends entirely on the FORWARD policy already in place - confirm.
printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
<end of script>

-- 
roderick e. tapang
retapang at gmail dot com

(o_.'       http://counter.li.org/
//\         ----------------------
V_/_        Linux User   #  253842