Hi everyone!

Semi "n00b" here, trying to enable load balancing using 2 adsl lines, but before I spend another sleepless night trying to troubleshoot my problem, I would like to know if its at all possible.

I have 2 adsl lines from the same provider, connected to a Mandrake 10 box (I haven't done anything to the kernel, maybe that's my big "Duh" ), which acts as a firewall/NAT/router (via a D-Link 24 port switch) for a group of 15 PC's. Once connected, I normally have consecutive IP's given to ppp0 and ppp1, but the point-to-point address for both is the same. I'll get for example 200.100.100.100 and 200.100.100.101, and for both I would get 10.10.10.1 as the p-t-p address (just example IP's). Is this normal?

Since all the load balancing "how-to's" I've read so far (from linux-ip.net, lartc.org, etc) use the p-t-p address as the gateway for all the routing commands (but they all use examples using 2 different ISP's), I'm wondering if I can have more than one route via the same gateway. If not, I made a pretty bad decision


What I can do:

Use one or the other interface without any problems, both from the Linux machine and from all the PC's in the local network. I'll just delete the default route and add it back with

#ip route add default via 10.10.10.1 dev ppp0 (or ppp1)


What fails completely and leaves me with no connection to the internet, both locally and from the internal LAN:

#ip route add default scope global nexthop via 10.10.10.1 dev ppp0 weight 1 \
nexthop via 10.10.10.1 dev ppp1 weight 1

Would the problem be that it's the same gateway (meaning I can't solve it), or can it be something else? I will greatly appreciate any ideas you may have!


Cheers, Joey.

Bit of an update/better explanation of the problem, in case anyone has any hints...

Here's the issue: I'm trying to set up 2 adsl connections (for backup purposes but mainly because the upstream speed is only 256 kbps on each, and I need at least 512). I originally planned on getting them from 2 different ISP's, but ended up with the same provider for both. I've been reading a lot about routing and load balancing in Linux (currently using Mandrake 10), and over on lartc there's a pretty good how-to on all that stuff, even an example that seemed just what I needed. Here's what I currently have, more or less (ASCII-art stolen from lartc):

The problem is, all exmple configurations I've seen so far have GW1 different from GW2, but in my case it's the same gateway

My local network is 192.168.0.0/24
if1 is ppp0, if2 is ppp1
ip1 is something like 200.190.190.1 and usually ip2 get's the next address or something very similar, like 200.190.180.2. GW1 and GW2 are both 10.10.10.1 (I'm making up the numbers, I don't have access to the linux router right now, but they're pretty close as far as I can remember)

So I add the routes like this:

ip route add 200.190.190.0/32 dev ppp0 src 200.190.190.1 table T1
ip route add default via 10.10.10.1 table T1
ip route add 200.190.180.2/32 dev ppp1 src 200.190.180.2 table T2
ip route add default via 10.10.10.1 table T2


and the rules:

ip rule add from 200.190.190.1 table T1
ip rule add from 200.190.180.2 table T2

With those rules, I can succesfully use either ppp0 or ppp1 as the default connection and browse from all PC's on the LAN

ip route add default via 10.10.10.1 dev ppp0 (or ppp1)

But when it comes time to add a default route and make it multipath, I can only connect from the Linux router itself (yes, after a reboot, I can now sucesfully ping and browse ---using Lynx-- from the router), all other PC's on the LAN are left without any connection to the outside

ip route add default scope global nexthop via 10.10.10.1 dev ppp0 weight 1 \
nexthop via 10.10.10.1 dev ppp1 weight 1

My wild guess is that it gets completely confused by the fact that both gateways are the same, so it can't choose, but I'm a complete routing newbie, so I may be screwing up somewhere and I'm just not seeing it.

I guess I could solve the issue just by splitting the network in two, and making half the PC's use the first connection and the other half the second one, but I wouldn't have automatic failover (unless I can come up with a way to switch everyone to a single interface if the other one goes down...), but it's really nagging me (I LOVE perfection :P )

If anyone has some advice, I'd be REALLY grateful!


Cheers, Joey

This might be an old thread but i am doing the same, except that i don't have a p-t-p connection up to my eth adsl routers yet -- using lan.

Anyway, those doc's you menthoned about larc, i have read them too and well as far as i understand that the packets don't make decisions only via the gateways... the dev is where the packets are sent. I don't quite know why you are having problems with your multipath route configuration - well the working part . Anyway - a note about not patching the kernel (2.4.2): I am also using mandrake 10 and when the routing cache gets flushed by the system the "stream" connections are immediatly dropped. It seems that the NAT'ing doesn't bind properly with the packet or something... and so the connection is seen as i suppose "dealth with" and done. Upon the flushing that connection get's dropped like a sack. I am having extreame difficulties with online games and lengthy connections spanning from 15 to 25 minutes. So i soppose you "could" perhaps test when you put your dsl modems as an eth device and see if it connects. Then you can work from there. I couldn't get connected on my p-t-p and i will give it another bash later. (PS 2 sleepless nights in a row and that is how far i have come.... this morning included).

The RPMS in your installation CD don't include the source of the kernel 2.4.2 - a 43MB download that i will have to do peace by peace today. Then there is the patching... the patch-o-magic from netfilter.... all i know is that i need the CONNMARK patch for this to work better if not properly.

PS look up netsane on google... it is a shell script with, well a good implementation of the larc and the naro.txt (www.ssi.bg/~ja/nano.txt) setup, also it is very easy to configure. Take a look at the script, and see how the commands are passed.

anyway - if you perhaps could give me some direction on p-t-p we could help each other out in the long run. (hopeful)

thank you.

can you perhaps give an ifconfig dump... well i had the same problem and it turned out that the lan eth (linux to network) fell in the same C class address and so packets were getting routed back into the linux box. Try using ip route get "workstation ip on network" and see where the packet travels out.

Hi, i know this post is pretty old but it seems that I have a solution for this.

>But when it comes time to add a default route and make it multipath, I can only connect from the Linux router itself (yes, >after a reboot, I can now sucesfully ping and browse ---using Lynx-- from the router), all other PC's on the LAN are left >without any connection to the outside

It happens because NAT doesnt work for your LAN computers when packets are going back to them. To solve this do not use MASQUERADE but SNAT, so

instead of:

iptables -t nat -A POSTROUTING -o $IF1 -s $LAN_NETWORK_1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $IF2 -s $LAN_NETWORK_2 -j MASQUERADE

use:

iptables -t nat -A POSTROUTING -o $IF1 -s $LAN_NETWORK_1 -j SNAT --to $ROUTER_EXTERNAL_IP1
iptables -t nat -A POSTROUTING -o $IF2 -s $LAN_NETWORK_2 -j SNAT --to $ROUTER_EXTERNAL_IP2

The drawback is that your router's external IP's mustn't change