LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-01-2013, 08:05 PM   #1
robopt
LQ Newbie
 
Registered: Jul 2013
Posts: 3

Rep: Reputation: Disabled
Multi-WAN setup not load balancing / no round robin (iptables, ip routes, ip rules)


I tried posting this on FedoraForum over the weekend, but it has yet to get any replies, so I figure it wouldn't hurt to branch out. Additionally I believe my previous attempt was filtered due to the LACP link I had in it.

I have been bashing my head on this for a few hours now and I have seen to have exhausted most of my Google and forum search results. Server can connect to both gateways and properly performs NAT/Masquerade for a client. The server doesn't seem to be load balancing between the two connections for said client. I just can't figure out the last piece to this puzzle and could use some help.

Overview:
- 2 ISP's -> Fedora Server -> LAN
- 2 ISP's both of same "weight"
- 1 Fedora 18 server with 3 NIC's installed, 2 external facing and 1 internal facing
- Dhcp, ip rules, iptables, and ip routes used

Notes:
192.168.0.1 = ISP0 Gateway
192.168.0.10 = wan0 (interface facing external ISP0)
192.168.1.1 = ISP1 Gateway
192.168.1.10 = wan1 (interface facing external ISP1)
192.168.3.65 = lan0 (interface facing internal LAN)
T0 (10) = routing table for wan0/isp0
T1 (20) = routing table for wan1/isp1

Connection 1 (1 minute of browsing, torrents, chat clients):
Code:
TX:             cum:    914kB   peak:   3.57Mb                                                                                      rates:   3.57Mb  3.57Mb  3.57Mb
RX:                    33.7kB            135kb                                                                                                135kb   135kb   135kb
TOTAL:                  948kB           3.70Mb                                                                                               3.70Mb  3.70Mb  3.70Mb
Connection 2 (1 minute of browsing, torrents, chat clients):
Code:
TX:             cum:      0B    peak:      0b                                                                                          rates:      0b      0b      0b
RX:                    2.35kB           1.23kb                                                                                                     0b      0b    219b
TOTAL:                 2.35kB           1.23kb                                                                                                     0b      0b    219b
ip tables
Code:
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
10 T0 #eth0
20 T1 #eth1
Config
Code:
ip route add 192.168.0.0/24 dev wan0 src 192.168.0.10 table T0
ip route add default via 192.168.0.1 table T0
ip route add 192.168.1.0/24 dev wan1 src 192.168.1.10 table T1
ip route add default via 192.168.1.1 table T1
ip route add 192.168.0.0/24 dev wan0 src 192.168.0.10
ip route add 192.168.1.0/24 dev wan1 src 192.168.1.10
ip route del default
ip route add default scope global nexthop via 192.168.0.1 dev wan0 weight 1 nexthop via 192.168.1.1 dev wan1 weight 1
ip rule add from 192.168.0.10 table T0
ip rule add from 192.168.1.10 table T1
ip rule add to 8.8.8.8 table T0
ip rule add to 8.8.8.8 table T1
iptables -A POSTROUTING -t mangle -j CONNMARK --restore-mark
iptables -A POSTROUTING -t mangle -m mark ! --mark 0 -j ACCEPT
iptables -A POSTROUTING -p tcp --dport 21 -t mangle -j MARK --set-mark 10
iptables -A POSTROUTING -p tcp --dport 80 -t mangle -j MARK --set-mark 20
iptables -A POSTROUTING -t mangle -j CONNMARK --save-mark
iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark
iptables -A POSTROUTING -t mangle -m mark  --mark 10 -j ACCEPT
iptables -A POSTROUTING -t mangle -m mark  --mark 20 -j ACCEPT
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.5 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
iptables -t nat -A POSTROUTING -o wan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o wan1 -j MASQUERADE
iptables -A FORWARD -i lan0 -j ACCEPT
iptables -A FORWARD -o lan0 -j ACCEPT
iptables mangle
- please note some port #'s were tests to see if that was the issue
Code:
*mangle
:PREROUTING ACCEPT [120:33352]
:INPUT ACCEPT [88:6242]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:4656]
:POSTROUTING ACCEPT [44:34656]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_ZONE_public - [0:0]
:PRE_ZONE_public_allow - [0:0]
:PRE_ZONE_public_deny - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A PREROUTING -j CONNMARK --restore-mark
-A PREROUTING -m mark ! --mark 0 -j ACCEPT
-A PREROUTING -j MARK --set-mark 10
-A PREROUTING -m statistic --mode random --probability 0.5 -j MARK --set-mark 20
#-A PREROUTING -m state --state new -j MARK --set-mark 10
#-A PREROUTING -m state --state new -m statistic --mode random --probability 0.5 -j MARK --set-mark 20
-A PREROUTING -j CONNMARK --save-mark
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -m mark  --mark 10 -j ACCEPT
-A POSTROUTING -m mark  --mark 20 -j ACCEPT
#-A POSTROUTING -j CONNMARK --restore-mark
#-A POSTROUTING -m mark ! --mark 0 -j ACCEPT
#-A POSTROUTING -m mark --mark 0 -p tcp --dport 21 -j MARK --set-mark 10
#-A POSTROUTING -m mark --mark 0 -p tcp --dport 80 -j MARK --set-mark 20
#-A POSTROUTING -m mark --mark 0 -p tcp -j MARK --set-mark 3
#-A POSTROUTING -j CONNMARK --save-mark
-A PREROUTING_ZONES -i eth0 -g PRE_ZONE_public
-A PREROUTING_ZONES -i eth2 -g PRE_ZONE_public
-A PREROUTING_ZONES -i eth1 -g PRE_ZONE_public
-A PREROUTING_ZONES -g PRE_ZONE_public
-A PRE_ZONE_public -j PRE_ZONE_public_deny
-A PRE_ZONE_public -j PRE_ZONE_public_allow
COMMIT
PREROUTING
I have tried commenting out the PREROUTING_direct/PREROUTING_ZONES in the iptables with no effect.
Code:
[user@localhost ~]$ sudo iptables -L PREROUTING -t mangle -v
Chain PREROUTING (policy ACCEPT 3586 packets, 317K bytes)
 pkts bytes target     prot opt in     out     source               destination
 107K  107M PREROUTING_direct  all  --  any    any     anywhere             anywhere
 107K  107M PREROUTING_ZONES  all  --  any    any     anywhere             anywhere
 107K  107M CONNMARK   all  --  any    any     anywhere             anywhere             CONNMARK restore
 104K  107M ACCEPT     all  --  any    any     anywhere             anywhere             mark match ! 0x0
 3589  317K MARK       all  --  any    any     anywhere             anywhere             MARK set 0xa
 1797  154K MARK       all  --  any    any     anywhere             anywhere             statistic mode random probability 0.50000000000 MARK set 0x14
 3589  317K CONNMARK   all  --  any    any     anywhere             anywhere             CONNMARK save
POSTROUTING
I have tried commenting out the POSTROUTING_direct in the iptables with no effect.
Code:
[user@localhost ~]$ sudo iptables -L POSTROUTING -t mangle -v
Chain POSTROUTING (policy ACCEPT 3273 packets, 674K bytes)
 pkts bytes target     prot opt in     out     source               destination
 168K  164M POSTROUTING_direct  all  --  any    any     anywhere             anywhere
59072   44M ACCEPT     all  --  any    any     anywhere             anywhere             mark match 0xa
 106K  120M ACCEPT     all  --  any    any     anywhere             anywhere             mark match 0x14
Any ideas, thoughts, and criticism is greatly appreciated. I am new to the Linux scene so I would love to be corrected if I am doing something wrong!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Multi-WAN setup not load balancing robopt Linux - Networking 2 07-02-2013 02:26 PM
multi wan load balancing arcread Linux - Newbie 2 08-20-2011 01:58 AM
SFTP/load-balancing/round robin help. Jsy Linux - Networking 5 12-22-2009 09:23 PM
Round robin load balancing problem. GuitsBoy Linux - Networking 0 05-03-2004 10:20 AM
Network Load Balancing & DNS round robin scooby snacks Linux - Networking 1 04-19-2004 01:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration