William L. Thomson Jr.
2003-Apr-10 19:50 UTC
Example of load balancing/redundant internet connections
This is a working example from a network I had in CA.
This is not a how to. There are no instructions provided. Please do not
ask me for them, as I did not write the original ones I followed when
doing this.
Only ask me for help after you have done your homework, and spent at
least a day of complete frustration. If you can prove both to me in your
first email, I will help out. Otherwise the web, and Google are your
friends.
The links I used have been posted to this list more times than I care to
say, but for completeness.
Load balance traffic from the inside out (Kernel)
http://www.ssi.bg/~ja/
http://www.ssi.bg/~ja/#routes
Load balance from the outside in (DNS)
http://www.samag.com/documents/s=1824/sam0201h/0201h.htm
(Pay attention to the DNS part and forget the rest)
You must compile a customer kernel with multipath route support, and
patched with Julian''s patches.
There are three sections. The first applies to all. The second to 2.2
kernels, and the third to 2.4 kernels.
<--Begin example->
ip link set lo up
ip link set eth0 up
ip link set eth1 up
ip link set eth2 up
ip addr add 127.0.0.1/8 brd 127.0.0.255 dev lo
ip addr add 192.168.1.250/24 brd 192.168.1.255 dev eth0
ip addr add 10.1.0.2/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.97/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.98/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.99/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.103/16 brd 10.1.255.255 dev eth1
ip addr add 10.2.0.2/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.57/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.58/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.59/16 brd 10.2.255.255 dev eth2
ip addr add 10.2.0.62/16 brd 10.2.255.255 dev eth2
ip route add 127.0.0.0/8 dev lo
ip rule add prio 10 table main
ip route del default table main
ip rule add prio 20 from 10.1.0.0/16 table 20
ip route add default via 10.1.0.1 dev eth1 src 10.1.0.2 proto static table 20
ip route append prohibit default table 20 metric 1 proto static
ip rule add prio 30 from 10.2.0.0/16 table 30
ip route add default via 10.2.0.1 dev eth2 src 10.2.0.2 proto static table 30
ip route append prohibit default table 30 metric 1 proto static
# Set up load balancing gateways
ip rule add prio 50 table 50
ip route add default table 50 proto static \
nexthop via 10.1.0.1 dev eth1 \
nexthop via 10.2.0.1 dev eth2
<--End example-->
<--Begin 2.2 NAT-->
ipmasqadm portfw -a -P tcp -L 10.1.0.103 443 -R 192.168.1.3 443
ipmasqadm portfw -a -P tcp -L 10.1.0.103 143 -R 192.168.1.3 143
ipmasqadm portfw -a -P tcp -L 10.1.0.103 110 -R 192.168.1.3 110
ipmasqadm portfw -a -P tcp -L 10.1.0.103 81 -R 192.168.1.3 81
ipmasqadm portfw -a -P tcp -L 10.1.0.103 80 -R 192.168.1.3 80
ipmasqadm portfw -a -P tcp -L 10.1.0.103 25 -R 192.168.1.3 25
ipmasqadm portfw -a -P tcp -L 10.1.0.99 443 -R 192.168.1.1 443
ipmasqadm portfw -a -P tcp -L 10.1.0.99 143 -R 192.168.1.1 143
ipmasqadm portfw -a -P tcp -L 10.1.0.99 110 -R 192.168.1.1 110
ipmasqadm portfw -a -P tcp -L 10.1.0.99 81 -R 192.168.1.1 81
ipmasqadm portfw -a -P tcp -L 10.1.0.99 80 -R 192.168.1.1 80
ipmasqadm portfw -a -P tcp -L 10.1.0.99 25 -R 192.168.1.1 25
ipmasqadm portfw -a -P tcp -L 10.1.0.99 22 -R 192.168.1.1 22
ipmasqadm portfw -a -P tcp -L 10.1.0.99 21 -R 192.168.1.1 21
ipmasqadm portfw -a -P udp -L 10.1.0.98 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P tcp -L 10.1.0.98 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P udp -L 10.1.0.97 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.1.0.97 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.2.0.62 443 -R 192.168.1.3 443
ipmasqadm portfw -a -P tcp -L 10.2.0.62 143 -R 192.168.1.3 143
ipmasqadm portfw -a -P tcp -L 10.2.0.62 110 -R 192.168.1.3 110
ipmasqadm portfw -a -P tcp -L 10.2.0.62 81 -R 192.168.1.3 81
ipmasqadm portfw -a -P tcp -L 10.2.0.62 80 -R 192.168.1.3 80
ipmasqadm portfw -a -P tcp -L 10.2.0.62 25 -R 192.168.1.3 25
ipmasqadm portfw -a -P tcp -L 10.2.0.59 443 -R 192.168.1.1 443
ipmasqadm portfw -a -P tcp -L 10.2.0.59 143 -R 192.168.1.1 143
ipmasqadm portfw -a -P tcp -L 10.2.0.59 110 -R 192.168.1.1 110
ipmasqadm portfw -a -P tcp -L 10.2.0.59 81 -R 192.168.1.1 81
ipmasqadm portfw -a -P tcp -L 10.2.0.59 80 -R 192.168.1.1 80
ipmasqadm portfw -a -P tcp -L 10.2.0.59 25 -R 192.168.1.1 25
ipmasqadm portfw -a -P tcp -L 10.2.0.59 22 -R 192.168.1.1 22
ipmasqadm portfw -a -P tcp -L 10.2.0.59 21 -R 192.168.1.1 21
ipmasqadm portfw -a -P udp -L 10.2.0.58 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P tcp -L 10.2.0.58 53 -R 192.168.1.222 53
ipmasqadm portfw -a -P udp -L 10.2.0.57 53 -R 192.168.1.221 53
ipmasqadm portfw -a -P tcp -L 10.2.0.57 53 -R 192.168.1.221 53
ipchains -A forward -s 192.168.1.0/24 -j MASQ
<--End 2.2 NAT-->
<--Begin 2.4 NAT-->
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.99 -p tcp -m multiport --dport
443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth1 -d 10.1.0.103 -p tcp -m multiport --dport
443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p udp --dport 53 -j DNAT
--to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.97 -p tcp --dport 53 -j DNAT
--to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.98 -p udp --dport 53 -j DNAT
--to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.1.0.98 -p tcp --dport 53 -j DNAT
--to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.59 -p tcp -m multiport --dport
443,143,110,81,80,25,22,21 -j DNAT --to 192.168.1.1
iptables -t nat -A PREROUTING -i eth1 -d 10.2.0.62 -p tcp -m multiport --dport
443,143,110,81,80,25 -j DNAT --to 192.168.1.3
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p udp --dport 53 -j DNAT
--to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.57 -p tcp --dport 53 -j DNAT
--to 192.168.1.221
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p udp --dport 53 -j DNAT
--to 192.168.1.222
iptables -t nat -A PREROUTING -i eth2 -d 10.2.0.58 -p tcp --dport 53 -j DNAT
--to 192.168.1.222
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
<--End 2.4 NAT-->
Then before you are done make sure to
# Turn on ip forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Good luck, and hopefully the above can save others from having to ask
questions, and others having to answer them.
--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios, Inc.
3548 Jamestown Ln.
Jacksonville, FL 32223
Phone/Fax 904.260.2445
http://www.obsidian-studios.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/