From: thegeezer
Date: Mon, 27 May 2013 14:07:56 +0100
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IP Load Sharing - Per Packet Load Balancing (Linux router)
Message-ID: <51A35AAC.6040205@thegeezer.net>

Hi,

Re: load balancing, it must be done by the ISP for bonding DSL lines properly. What they support is what you will have to implement; typically they will give you a managed router that you connect to, and this will take care of the bonding for you.
That said, you can do something similar with iptables and packet marking and routing tables (see LARTC).

In the following iptables I have 2x DSL routers on eth1 and 2x DSL routers on eth3, which is why I use masquerade -- the kernel knows how to SNAT based on routing info. Then I say "for every NEW connection choose a DSL line", and then of course if a packet mark should be set then restore it, so that subsequent connections go out the same direction.

This does mean, of course, that you have 4x outgoing IP addresses for the 4x Internet connections. I appreciate this is not the same thing as a bonded line, which would give you 1x outgoing IP address, but it is useful to have this kind of thing where bonded lines are not supported. Just be careful: some sites, such as Internet banks, authenticate you against your IP, and if the subsequent connection comes from a differing IP they immediately log you out.

This setup also means that you can add into the networking up/down and do things like

# ip rule del from all fwmark 0xa lookup connA

when interfaces go down.

The line that reads

-A OUTPUT ! -o eth0 -j redirection

means that if you have squid running it will also use all 4 connections (not possible in squid.conf).

Hope this helps!

IPRULE:
32758: from 192.168.4.0/24 lookup connD
32759: from 192.168.3.0/24 lookup connC
32760: from 192.168.2.0/24 lookup connB
32761: from 192.168.1.0/24 lookup connA
32762: from all fwmark 0xd lookup connD
32763: from all fwmark 0xc lookup connC
32764: from all fwmark 0xb lookup connB
32765: from all fwmark 0xa lookup connA
32766: from all lookup main
32767: from all lookup default

IPTABLES:
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth3 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:RESTORE -
:WAN1 -
:WAN2 -
:WAN3 -
:WAN4 -
:redirection -
-A PREROUTING -j redirection
-A OUTPUT ! -o eth0 -j redirection
-A RESTORE -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A RESTORE -j ACCEPT
-A WAN1 -j MARK --set-xmark 0xa/0xffffffff
-A WAN1 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN2 -j MARK --set-xmark 0xb/0xffffffff
-A WAN2 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN3 -j MARK --set-xmark 0xc/0xffffffff
-A WAN3 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN4 -j MARK --set-xmark 0xd/0xffffffff
-A WAN4 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A redirection -p tcp -m state --state RELATED,ESTABLISHED -j RESTORE
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -j WAN1
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 4 --packet 1 -j WAN2
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 4 --packet 2 -j WAN3
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 4 --packet 3 -j WAN4
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:fail2ban-SSH -
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
COMMIT
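
A simplified model of the mangle "redirection" chain from the message above, added here as an illustration and not part of the original message: it shows how the four nth counters hand each NEW TCP connection to one line and how the saved connmark keeps later packets of that connection on the same line. The names NthRule, Router and table_for_mark are hypothetical, the flows are constructed, and the counter start value is an assumption chosen so that `--packet P` matches the P-th packet first.

```python
# Simplified model of the posted mangle rules (constructed for illustration).
MARKS = {"WAN1": 0xA, "WAN2": 0xB, "WAN3": 0xC, "WAN4": 0xD}       # MARK --set-xmark values
TABLES = {0xA: "connA", 0xB: "connB", 0xC: "connC", 0xD: "connD"}  # fwmark rules 32762-32765


class NthRule:
    """-m statistic --mode nth --every N --packet P; each rule has its own counter."""

    def __init__(self, every, packet, target):
        self.every, self.target = every, target
        self.count = every - 1 - packet  # assumed start value: packet P matches first

    def matches(self):
        # Counter wraps after N packets; the rule matches on the wrap.
        self.count = 0 if self.count == self.every - 1 else self.count + 1
        return self.count == 0


class Router:
    def __init__(self):
        self.rules = [NthRule(4, i, f"WAN{i + 1}") for i in range(4)]
        self.conntrack = {}  # flow tuple -> saved connmark

    def mangle(self, flow, proto="tcp"):
        """Return the fwmark a packet of this flow carries after the chain."""
        if proto != "tcp":
            return 0                       # every rule is "-p tcp": packet stays unmarked
        if flow in self.conntrack:         # ESTABLISHED: RESTORE copies connmark to packet
            return self.conntrack[flow]
        mark = 0
        for rule in self.rules:            # NEW: WANx chains have no final verdict, so the
            if rule.matches():             # packet returns and all four rules count it
                mark = MARKS[rule.target]          # MARK --set-xmark
                self.conntrack[flow] = mark        # CONNMARK --save-mark
        return mark


def table_for_mark(mark):
    """Routing table chosen by the fwmark rules; unmarked traffic falls to main.
    Assumes the source address does not match the earlier from-subnet rules."""
    return TABLES.get(mark, "main")


if __name__ == "__main__":
    r = Router()
    for port in range(40000, 40006):   # constructed client flows
        flow = ("10.0.0.5", port, "203.0.113.10", 443)
        print(port, table_for_mark(r.mangle(flow)), table_for_mark(r.mangle(flow)))
```
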