Old 11-25-2012, 01:05 PM   #1
sekarlinux
Linux IPTables load balancing with multiple DSL lines


Hello Friends,

I have the below structure in my Linux box.

Eth0: LAN
Eth1: DSL-1
Eth2: DSL-2
Eth3: DSL-3
Eth4: DSL-4

Note: My DSL lines have DHCP IPs.

I need to distribute the requests through all the DSL lines as round-robin with iptables or any open source solutions.

Also, I need an option to stop sending requests if any DSL line is not working.

Thanks a lot in advance for your help on this request.

Regards,
Sekar
 
Old 11-25-2012, 05:12 PM   #2
deswarf
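I'm not sure, but I suppose it should look like this:
Code:
#!/bin/sh
# First IPv4 address of each DSL interface, without the /prefix length
IP1="$(ip -4 -o addr show dev eth1 | awk '{print $4; exit}' | cut -d/ -f1)"
IP2="$(ip -4 -o addr show dev eth2 | awk '{print $4; exit}' | cut -d/ -f1)"
IP3="$(ip -4 -o addr show dev eth3 | awk '{print $4; exit}' | cut -d/ -f1)"
IP4="$(ip -4 -o addr show dev eth4 | awk '{print $4; exit}' | cut -d/ -f1)"
# Cascade of nth matches: every packet is marked 1 and 1 in 4 stops there;
# of the rest 1 in 3 stops at mark 2, then 1 in 2 at mark 3, the remainder at 4.
# mangle/OUTPUT sees traffic originating on this box; traffic forwarded from
# the LAN (eth0) passes through mangle/PREROUTING instead.
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 1
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 4 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 2
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 3 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 3
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 2 -j RETURN
iptables -t mangle -A OUTPUT -j CONNMARK --set-mark 4
iptables -t mangle -A OUTPUT -m statistic --mode nth --every 1 -j RETURN
# The nat table is consulted once per connection, so the mark present on the
# first packet fixes the source address for the whole connection.
iptables -t nat -A POSTROUTING -m connmark --mark 1 -j SNAT --to-source "$IP1"
iptables -t nat -A POSTROUTING -m connmark --mark 2 -j SNAT --to-source "$IP2"
iptables -t nat -A POSTROUTING -m connmark --mark 3 -j SNAT --to-source "$IP3"
iptables -t nat -A POSTROUTING -m connmark --mark 4 -j SNAT --to-source "$IP4"
exit 0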
As for not working, probably it could be realised with a couple of rules with
Code:
# eth1 and eth2 name rate estimators that a RATEEST target rule must have created first
iptables -t mangle -A POSTROUTING -m conntrack --ctstate NEW -m rateest --rateest-delta --rateest1 eth1 --rateest-bps1 2mbit --rateest-gt --rateest2 eth2 --rateest-bps2 200kbit -j CONNMARK --set-mark 1
 
Old 11-26-2012, 07:54 AM   #3
sekarlinux
Thanks a lot, friend.

Sorry, I could not understand the second code.

Could you please give me details of what that second code will do?

Thanks,
Sekar


 
Old 11-26-2012, 12:50 PM   #4
deswarf
According to man iptables, that stuff could be used for balancing outgoing connections depending on bandwidth. It compares line rates and marks packets if the 1st line's rate is greater than that of the second one. But that's when all lines are working. I don't know whether it can be used for checking a non-working DSL line... I've never been asked to do that before... so I can't say for sure... Sorry... It's obvious that you need to separate working IPs from non-working ones with the update option, and if there is no response, then the packet should be forwarded to the next line... At first I thought to solve this with the "-m recent" key...
Anyway, the question is very interesting and I hope to find some time later to think about it. Post your solution if you find it before that.
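
An added example, not part of the thread or any poster's code: one way to combine per-connection round-robin marking with policy routing and a liveness probe, the part the replies above leave open. Interface names follow the first post; the gateway addresses, table numbers and the `probe_ping`, `live_links` and `emit_rules` helpers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for the uplinks passed in.
# Each argument is "mark,iface,gateway". The gateways are constructed sample
# values; with DHCP, take the real ones from the DHCP client's lease.
LAN=eth0
LINKS="1,eth1,192.0.2.1 2,eth2,198.51.100.1 3,eth3,203.0.113.1 4,eth4,192.0.2.129"

# Default probe (assumption): does the next hop on that interface answer?
probe_ping() { ping -c 2 -W 2 -I "$1" "$2" >/dev/null 2>&1; }
PROBE=probe_ping

# Print the subset of the given links whose probe succeeds.
live_links() {
    for l in "$@"; do
        rest=${l#*,}
        if "$PROBE" "${rest%%,*}" "${rest#*,}"; then printf '%s ' "$l"; fi
    done
}

# Print the rule set that spreads new LAN connections over the given links.
emit_rules() {
    left=$#
    echo "iptables -t mangle -F PREROUTING"
    echo "iptables -t nat -F POSTROUTING"
    # Packets of known connections get back the mark saved for them.
    echo "iptables -t mangle -A PREROUTING -i $LAN -j CONNMARK --restore-mark"
    for l in "$@"; do
        mark=${l%%,*}; rest=${l#*,}; ifc=${rest%%,*}; gw=${rest#*,}
        # Of the packets still unmarked take every $left-th: 1/4, 1/3, 1/2, all.
        echo "iptables -t mangle -A PREROUTING -i $LAN -m mark --mark 0" \
             "-m statistic --mode nth --every $left --packet 0" \
             "-j MARK --set-mark $mark"
        # The mark selects a table whose only default route is this uplink.
        echo "ip route replace default via $gw dev $ifc table $((100 + mark))"
        echo "ip rule del fwmark $mark 2>/dev/null"
        echo "ip rule add fwmark $mark table $((100 + mark))"
        # DHCP-assigned address, so MASQUERADE instead of SNAT to a fixed IP.
        echo "iptables -t nat -A POSTROUTING -o $ifc -j MASQUERADE"
        left=$((left - 1))
    done
    echo "iptables -t mangle -A PREROUTING -i $LAN -j CONNMARK --save-mark"
}

# Dry run for the case where all four lines are up.
emit_rules $LINKS
# From cron, rebuild from the lines that answer: emit_rules $(live_links $LINKS) | sh
```

Replies come back on whichever line carried the connection, so strict reverse-path filtering (`rp_filter=1`) on the DSL interfaces drops them for every line except the main-table default; loose mode (`rp_filter=2`) avoids that.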
 
  

