After following the following article (with some tweaks for testing purposes) I still can't get traffic to route across multiple DSL lines:
http://linux-ip.net/html/adv-multi-internet.html
Here is my setup. As you can see I've changed the iptables rule from "if destination is port 80/443" to "if destination is ip 67.71.152.161" because I currently can only test from one host, the gateway, so the routing decision has to be made on the basis of destination and not client IP.
The gateway is connected to a hub that has two WAN gateways, 192.168.0.1 and 192.168.1.1 which are Cisco routers to two different ISPs (Telus and Sprint).
The NIC setup
Code:
[root@wifi etc]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:E6:77:50:C0
inet addr:192.168.1.200 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20a:e6ff:fe77:50c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18854 errors:0 dropped:0 overruns:0 frame:0
TX packets:5668 errors:0 dropped:0 overruns:0 carrier:0
collisions:7 txqueuelen:1000
RX bytes:1793892 (1.7 Mb) TX bytes:778809 (760.5 Kb)
Interrupt:11 Base address:0xdc00
eth0:1 Link encap:Ethernet HWaddr 00:0A:E6:77:50:C0
inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0xdc00
The iptables rules - SNAT masked, unshown rules are empty
Code:
[root@wifi etc]# iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 1175 packets, 94882 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere 67.71.152.161 MARK set 0x4
[root@wifi etc]# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 32 packets, 3542 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 107 packets, 4298 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- any eth4 anywhere anywhere to:149.99.555.555
The Routing Tables - unshown rules are empty
Code:
[root@wifi etc]# ip route show table main
192.168.1.0/24 dev eth0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.200
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0
[root@wifi etc]# ip route show table 4
192.168.1.0/24 dev eth0 scope link
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.200
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.0.1 dev eth0
[root@wifi etc]# ip rule show
0: from all lookup local
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default
Any and all comments are welcome.
EDIT: I originally asked if it could be failing because of incorrect SNATting but I've since fixed that, so now the SNAT properly mangles the packet to appear from the correct ISP gateway.
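A diagnostic over the output pasted above, as an added example that is not part of the original post: it cross-checks each fwmark selector in `ip rule show` against the MARK rules in the mangle table and their packet counters. The function names and the `local_origin` flag are assumptions of this example; the flag reflects the post's statement that the test traffic originates on the gateway itself, and locally generated packets pass through the mangle OUTPUT chain rather than PREROUTING.

```python
import re

# Sample input: the mangle table and `ip rule show` listings copied from the post.
MANGLE = """\
Chain PREROUTING (policy ACCEPT 1175 packets, 94882 bytes)
pkts bytes target prot opt in out source destination
0 0 MARK all -- any any anywhere 67.71.152.161 MARK set 0x4
"""
RULES = """\
0: from all lookup local
32765: from all fwmark 0x4 lookup 4
32766: from all lookup main
32767: from all lookup default
"""

def parse_mark_rules(text):
    """Return (chain, pkts, mark) for each MARK rule in `iptables -t mangle -L -v` output."""
    chain, found = None, []
    for line in text.splitlines():
        head = re.match(r"Chain (\S+)", line)
        rule = re.match(r"\s*(\d+)[KMG]?\s+\S+\s+MARK\b.*MARK set (0x[0-9a-fA-F]+)", line)
        if head:
            chain = head.group(1)
        elif rule:
            found.append((chain, int(rule.group(1)), int(rule.group(2), 16)))
    return found

def parse_fwmark_rules(text):
    """Return {mark: table} for each fwmark selector in `ip rule show` output."""
    return {int(m.group(1), 16): m.group(2)
            for m in re.finditer(r"fwmark (0x[0-9a-fA-F]+)(?:/\S+)? lookup (\S+)", text)}

def diagnose(mangle_text, rule_text, local_origin=True):
    """List reasons why marked traffic may never reach its policy routing table."""
    marks = parse_mark_rules(mangle_text)
    findings = []
    for mark, table in parse_fwmark_rules(rule_text).items():
        setters = [(c, p) for c, p, m in marks if m == mark]
        if not setters:
            findings.append(f"table {table}: no MARK rule sets {mark:#x}")
        for chain, pkts in setters:
            if pkts == 0:
                findings.append(f"table {table}: MARK {mark:#x} in {chain} has matched 0 packets")
            if local_origin and chain == "PREROUTING":  # assumption: test host is the gateway
                findings.append(f"table {table}: locally generated packets traverse OUTPUT, not PREROUTING")
    return findings

if __name__ == "__main__":
    print("\n".join(diagnose(MANGLE, RULES)))
```

Run against fresh `iptables -t mangle -L -v` and `ip rule show` output after each change; an empty result means every fwmark rule has a MARK rule that is actually matching packets.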