William L. Thomson Jr.
2003-Apr-10 19:50 UTC
Example of load balancing/redundant internet connections
This is a working example from a network I had in CA. This is not a how to. There are no instructions provided. Please do not ask me for them, as I did not write the original ones I followed when doing this. Only ask me for help after you have done your homework, and spent at least a day of complete frustration. If you can prove both to me in your first email, I will help out. Otherwise the web, and Google are your friends. The links I used have been posted to this list more times than I care to say, but for completeness. Load balance traffic from the inside out (Kernel) http://www.ssi.bg/~ja/ http://www.ssi.bg/~ja/#routes Load balance from the outside in (DNS) http://www.samag.com/documents/s=1824/sam0201h/0201h.htm (Pay attention to the DNS part and forget the rest) You must compile a customer kernel with multipath route support, and patched with Julian''s patches. There are three sections. The first applies to all. The second to 2.2 kernels, and the third to 2.4 kernels. <--Begin example-> ip link set lo up ip link set eth0 up ip link set eth1 up ip link set eth2 up ip addr add 127.0.0.1/8 brd 127.0.0.255 dev lo ip addr add 192.168.1.250/24 brd 192.168.1.255 dev eth0 ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1 ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1 ip addr add 10.1.0.98/16 brd 10.1.255.255 dev eth1 ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1 ip addr add 10.1.0.103/16 brd 10.1.255.255 dev eth1 ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2 ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2 ip addr add 10.2.0.58/16 brd 10.2.255.255 dev eth2 ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2 ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2 ip route add 127.0.0.0/8 dev lo ip rule add prio 10 table main ip route del default table main ip rule add prio 20 from 10.1.0.0/16 table 20 ip route add default via 10.1.0.1 dev eth1 src 10.1.0.2 proto static table 20 ip route append prohibit default table 20 metric 1 proto static ip rule add prio 30 from 10.2.0.0/16 table 30 ip route add default via 10.2.0.1 dev eth2 src 10.2.0.2 proto static table 30 ip route append prohibit default table 30 metric 1 proto static # Set up load balancing gateways ip rule add prio 50 table 50 ip route add default table 50 proto static \ nexthop via 10.1.0.1 dev eth1 \ nexthop via 10.2.0.1 dev eth2 <--End example--> <--Begin 2.2 NAT--> ipmasqadm portfw -a -P tcp -L 10.1.0.103 443 -R 192.168.1.3 443 ipmasqadm portfw -a -P tcp -L 10.1.0.103 143 -R 192.168.1.3 143 ipmasqadm portfw -a -P tcp -L 10.1.0.103 110 -R 192.168.1.3 110 ipmasqadm portfw -a -P tcp -L 10.1.0.103 81 -R 192.168.1.3 81 ipmasqadm portfw -a -P tcp -L 10.1.0.103 80 -R 192.168.1.3 80 ipmasqadm portfw -a -P tcp -L 10.1.0.103 25 -R 192.168.1.3 25 ipmasqadm portfw -a -P tcp -L 10.1.0.99 443 -R 192.168.1.1 443 ipmasqadm portfw -a -P tcp -L 10.1.0.99 143 -R 192.168.1.1 143 ipmasqadm portfw -a -P tcp -L 10.1.0.99 110 -R 192.168.1.1 110 ipmasqadm portfw -a -P tcp -L 10.1.0.99 81 -R 192.168.1.1 81 ipmasqadm portfw -a -P tcp -L 10.1.0.99 80 -R 192.168.1.1 80 ipmasqadm portfw -a -P tcp -L 10.1.0.99 25 -R 192.168.1.1 25 ipmasqadm portfw -a -P tcp -L 10.1.0.99 22 -R 192.168.1.1 22 ipmasqadm portfw -a -P tcp -L 10.1.0.99 21 -R 192.168.1.1 21 ipmasqadm portfw -a -P udp -L 10.1.0.98 53 -R 192.168.1.222 53 ipmasqadm portfw -a -P tcp -L 10.1.0.98 53 -R 192.168.1.222 53 ipmasqadm portfw -a -P udp -L 10.1.0.97 53 -R 192.168.1.221 53 ipmasqadm portfw -a -P tcp -L 10.1.0.97 53 -R 192.168.1.221 53 ipmasqadm portfw -a -P tcp -L 10.2.0.62 443 -R 192.168.1.3 443 ipmasqadm portfw -a -P tcp -L 10.2.0.62 143 -R 192.168.1.3 143 ipmasqadm portfw -a -P tcp -L 10.2.0.62 110 -R 192.168.1.3 110 ipmasqadm portfw -a -P tcp -L 10.2.0.62 81 -R 192.168.1.3 81 ipmasqadm portfw -a -P tcp -L 10.2.0.62 80 -R 192.168.1.3 80 ipmasqadm portfw -a -P tcp -L 10.2.0.62 25 -R 192.168.1.3 25 ipmasqadm portfw -a -P tcp -L 10.2.0.59 443 -R 192.168.1.1 443 ipmasqadm portfw -a -P tcp -L 10.2.0.59 143 -R 192.168.1.1 143 ipmasqadm portfw -a -P tcp -L 10.2.0.59 110 -R 192.168.1.1 110 ipmasqadm portfw -a -P tcp -L 10.2.0.59 81 -R 192.168.1.1 81 ipmasqadm portfw -a -P tcp -L 10.2.0.59 80 -R 192.168.1.1 80 ipmasqadm portfw -a -P tcp -L 10.2.0.59 25 -R 192.168.1.1 25 ipmasqadm portfw -a -P tcp -L 10.2.0.59 22 -R 192.168.1.1 22 ipmasqadm portfw -a -P tcp -L 10.2.0.59 21 -R 192.168.1.1 21 ipmasqadm portfw -a -P udp -L 10.2.0.58 53 -R 192.168.1.222 53 ipmasqadm portfw -a -P tcp -L 10.2.0.58 53 -R 192.168.1.222 53 ipmasqadm portfw -a -P udp -L 10.2.0.57 53 -R 192.168.1.221 53 ipmasqadm portfw -a -P tcp -L 10.2.0.57 53 -R 192.168.1.221 53 ipchains -A forward -s 192.168.1.0/24 -j MASQ <--End 2.2 NAT--> <--Begin 2.4 NAT--> iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1 iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.103 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p udp --dport 53 -j DNAT --to 192.168.1.221 iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p tcp --dport 53 -j DNAT --to 192.168.1.221 iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.98 -p udp --dport 53 -j DNAT --to 192.168.1.222 iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.98 -p tcp --dport 53 -j DNAT --to 192.168.1.222 iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dport 443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1 iptables -t nat -A PREROUTING -i eth1 -d 10.2.0.62 -p tcp -m multiport --dport 443,143,110,81,80,25 -j DNAT --to 192.168.1.3 iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT --to 192.168.1.221 iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p tcp --dport 53 -j DNAT --to 192.168.1.221 iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p udp --dport 53 -j DNAT --to 192.168.1.222 iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p tcp --dport 53 -j DNAT --to 192.168.1.222 iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE <--End 2.4 NAT--> Then before you are done make sure to # Turn on ip forwarding echo 1 > /proc/sys/net/ipv4/ip_forward Good luck, and hopefully the above can save others from having to ask questions, and others having to answer them. -- Sincerely, William L. Thomson Jr. Support Group Obsidian-Studios, Inc. 3548 Jamestown Ln. Jacksonville, FL 32223 Phone/Fax 904.260.2445 http://www.obsidian-studios.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/