[LARTC] Example of load balancing/redundant internet connections
From: "William L. Thomson Jr."
To: lartc
This is a working example from a network I had in CA.
This is not a how to. There are no instructions provided. Please do not ask me for them, as I did not write the original ones I followed when doing this.
Only ask me for help after you have done your homework, and spent at least a day of complete frustration. If you can prove both to me in your first email, I will help out. Otherwise the web, and Google are your friends.
The links I used have been posted to this list more times than I care to say, but for completeness.
Load balance traffic from the inside out (Kernel)
- http://www.ssi.bg/~ja/
- http://www.ssi.bg/~ja/#routes
Load balance from the outside in (DNS)
- http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
(Pay attention to the DNS part and forget the rest)
You must compile a custom kernel with multipath route support, and patched with Julian's patches.
There are three sections. The first applies to all. The second to 2.2 kernels, and the third to 2.4 kernels.
general rules
ip link set lo up
ip link set eth0 up
ip link set eth1 up
ip link set eth2 up
ip addr add 127.0.0.1/8 brd 127.0.0.255 dev lo
ip addr add 192.168.1.250/24 brd 192.168.1.255 dev eth0
ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.98/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.103/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.58/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2
ip route add 127.0.0.0/8 dev lo
ip rule add prio 10 table main
ip route del default table main
# Traffic sourced from ISP 1's address block must leave via ISP 1's gateway.
# The prohibit route (metric 1) stops such traffic from falling through to the
# multipath table 50 if that gateway is marked dead.
ip rule add prio 20 from 10.1.0.0/16 table 20
ip route add default via 10.1.0.1 dev eth1 src 10.1.0.2 proto static table 20
ip route append prohibit default table 20 metric 1 proto static
# Same for ISP 2's address block.
ip rule add prio 30 from 10.2.0.0/16 table 30
ip route add default via 10.2.0.1 dev eth2 src 10.2.0.2 proto static table 30
ip route append prohibit default table 30 metric 1 proto static
# Set up load balancing gateways
ip rule add prio 50 table 50
ip route add default table 50 proto static \
nexthop via 10.1.0.1 dev eth1 \
nexthop via 10.2.0.1 dev eth2
Begin 2.2 NAT
ipmasqadm portfw -a -P tcp -L 10.1.0.103 443 -R 192.168.1.3 443
ipmasqadm portfw -a -P tcp -L 10.1.0.103 143 -R 192.168.1.3 143
ipmasqadm portfw -a -P tcp -L 10.1.0.103 110 -R 192.168.1.3 110
ipmasqadm portfw -a -P tcp -L 10.1.0.103 81 -R 192.168.1.3 81
ipmasqadm portfw -a -P tcp -L 10.1.0.103 80 -R 192.168.1.3 80
ipmasqadm portfw -a -P tcp -L 10.1.0.103 25 -R 192.168.1.3 25
ipmasqadm portfw -a -P tcp -L 10.1.0.99 443 -R 192.168.1.1 443
ipmasqadm portfw -a -P tcp -L 10.1.0.99 143 -R 192.168.1.1 143
ipmasqadm portfw -a -P tcp -L 10.1.0.99 110 -R 192.168.1.1 110
ipmasqadm portfw -a -P tcp -L 10.1.0.99 81 -R 192.168.1.1 81
ipmasqadm portfw -a -P tcp -L 10.1.0.99 80 -R 192.168.1.1 80
ipmasqadm portfw -a -P tcp -L 10.1.0.99 25 -R 192.168.1.1 25
ipmasqadm portfw -a -P tcp -L 10.1.0.99 22 -R 192.168.1.1 22
ipmasqadm portfw -a -P tcp -L 10.1.0.99 21 -R 192.168.1.1 21
ipmasqadm portfw -a -P udp -L 10.1.0.98 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P tcp -L 10.1.0.98 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P udp -L 10.1.0.97 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.1.0.97 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.2.0.62 443 -R 192.168.1.3 443
ipmasqadm portfw -a -P tcp -L 10.2.0.62 143 -R 192.168.1.3 143
ipmasqadm portfw -a -P tcp -L 10.2.0.62 110 -R 192.168.1.3 110
ipmasqadm portfw -a -P tcp -L 10.2.0.62 81 -R 192.168.1.3 81
ipmasqadm portfw -a -P tcp -L 10.2.0.62 80 -R 192.168.1.3 80
ipmasqadm portfw -a -P tcp -L 10.2.0.62 25 -R 192.168.1.3 25
ipmasqadm portfw -a -P tcp -L 10.2.0.59 443 -R 192.168.1.1 443
ipmasqadm portfw -a -P tcp -L 10.2.0.59 143 -R 192.168.1.1 143
ipmasqadm portfw -a -P tcp -L 10.2.0.59 110 -R 192.168.1.1 110
ipmasqadm portfw -a -P tcp -L 10.2.0.59 81 -R 192.168.1.1 81
ipmasqadm portfw -a -P tcp -L 10.2.0.59 80 -R 192.168.1.1 80
ipmasqadm portfw -a -P tcp -L 10.2.0.59 25 -R 192.168.1.1 25
ipmasqadm portfw -a -P tcp -L 10.2.0.59 22 -R 192.168.1.1 22
ipmasqadm portfw -a -P tcp -L 10.2.0.59 21 -R 192.168.1.1 21
ipmasqadm portfw -a -P udp -L 10.2.0.58 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P tcp -L 10.2.0.58 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P udp -L 10.2.0.57 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.2.0.57 53 -R 192.168.1.221 53
ipchains -A forward -s 192.168.1.0/24 -j MASQ
Begin 2.4 NAT
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.103 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
# 10.1.0.x addresses are bound on eth1 and 10.2.0.x on eth2 (see the general
# rules), so each DNAT rule must match the interface its destination lives on.
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.97 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.98 -p tcp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.62 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p tcp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p udp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p tcp --dport 53 -j DNAT --to 192.168.1.222
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
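A config of this size is easy to get subtly wrong: a DNAT rule that matches `-i eth2` for an address bound on eth1 never fires, and a DNAT target outside the MASQUERADE source range answers with an un-NATed source. The checker below is an added example, not part of the original post; it parses lines in the post's own `ip addr add` / `iptables -t nat` style from a constructed sample (which deliberately contains one interface mismatch) and reports both kinds of inconsistency.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in the style of the post. The 10.1.0.97 rule deliberately
# matches -i eth2 although 10.1.0.97 is bound on eth1.
SAMPLE = """
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dport 443,80 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dport 443,80 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
"""

ADDR_RE = re.compile(r"^ip addr add (\S+)/\d+ .*\bdev (\S+)")
DNAT_RE = re.compile(r"^iptables -t nat -A PREROUTING -i (\S+) -d (\S+) .*-j DNAT --to (\S+)")
MASQ_RE = re.compile(r"^iptables -t nat -A POSTROUTING -s (\S+) -j MASQUERADE")

def parse(text):
    """Return (iface -> set of bound addresses, DNAT rules, MASQUERADE source nets)."""
    bound, rules, masq = defaultdict(set), [], []
    for line in text.splitlines():
        if m := ADDR_RE.match(line):
            bound[m.group(2)].add(m.group(1))
        elif m := DNAT_RE.match(line):
            rules.append(m.groups())          # (ingress iface, public dst, private target)
        elif m := MASQ_RE.match(line):
            masq.append(ip_network(m.group(1)))
    return bound, rules, masq

def check(text):
    """List human-readable problems; an empty list means the config is consistent."""
    bound, rules, masq = parse(text)
    problems = []
    for iface, dst, target in rules:
        if dst not in bound[iface]:
            owner = ", ".join(i for i, addrs in bound.items() if dst in addrs) or "no interface"
            problems.append(f"{dst} matched on {iface} but bound on {owner}")
        if not any(ip_address(target) in net for net in masq):
            problems.append(f"DNAT target {target} is outside every MASQUERADE source range")
    return problems

if __name__ == "__main__":
    for p in check(SAMPLE):
        print("PROBLEM:", p)
```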
other things
Then before you are done make sure to
# Turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Good luck, and hopefully the above can save others from having to ask questions, and others having to answer them.