here''s the setup (two dsl - same provider)
+-----> link1
LAN----- linux box --| |----------internet
+-----> link2
the setup is ok in terms of the failover requirement. the other link
takes over when one is down. however, there is a very noticeable lag
when both lines are up. i''ve tried changing the weight value to a
higher one but the links are still under utilized and some client machines
playing games or mostly disconnected. taking down one link makes the
connection ok.
any suggestions? do i need to patch the kernel?
below is the script i''m using on a mandrake 10.1 box.
thanks.
erik
<start of script>
#!/bin/sh
# Iptables userspace executable
IPTABLES="/sbin/iptables"
# Internal Interface
NET_INT_INT=eth1
# Internal IP
NET_INT_IP=192.168.0.101
# Internal Subnet
NET_INT_SUB=/24
# Internal Network
NET_INT_NET=192.168.0.0
# First external interface
NET_EXT_INT1=eth0
# First external IP
NET_EXT_IP1=192.168.1.7
# First external interface''s gateway
NET_EXT_GW1=192.168.1.1
# Second external interface
NET_EXT_INT2=eth2
# Second external IP
NET_EXT_IP2=192.168.1.3
# Second external interface''s gateway
NET_EXT_GW2=192.168.1.1
echo "Flushing All Tables"
$IPTABLES -F
$IPTABLES -F -t nat
$IPTABLES -F -t mangle
$IPTABLES -X -t nat
$IPTABLES -X -t mangle
$IPTABLES -X
$IPTABLES -t mangle -N ETH0
$IPTABLES -t mangle -F ETH0
$IPTABLES -t mangle -A ETH0 -j MARK --set-mark 1
$IPTABLES -t mangle -N ETH2
$IPTABLES -t mangle -F ETH2
$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2
$IPTABLES -t nat -N SPOOF_ETH0
$IPTABLES -t nat -F SPOOF_ETH0"
$IPTABLES -t nat -A SPOOF_ETH0 -j SNAT --to ${NET_EXT_IP1}
$IPTABLES -t nat -N SPOOF_ETH2
$IPTABLES -t nat -F SPOOF_ETH2H2 "
$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2}
echo "Setting some local network rules..."
$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/24 -d ${NET_INT_IP} -j ACCEPT
echo "Setting Mangle rules for eth0..."
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH0
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random
--average 50 -j ETH0
ip ro add table 10 default via ${NET_EXT_GW1} dev ${NET_EXT_INT1}
ip ru add fwmark 1 table 10
ip ro fl ca
echo "Setting Mangle rules for eth2..."
$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2
$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random
--average 50 -j ETH2
ip ro add table 20 default via ${NET_EXT_GW2} dev ${NET_EXT_INT2}
ip ru add fwmark 2 table 20
ip ro fl ca
echo "Setting up spoofing rules..."
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH0
$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2
echo "Adding default route..."
ip ro add default nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1}
weight 1 nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2} weight 1
echo "Disabling Reverse Path Filtering..."
echo 0> /proc/sys/net/ipv4/conf/eth0/rp_filter
echo 0> /proc/sys/net/ipv4/conf/eth2/rp_filter
echo "Enabling IPv4 Packet forwarding..."
echo "1"> /proc/sys/net/ipv4/ip_forward
<end of script>
--
roderick e. tapang
retapang at gmail dot com
(o_.'' http://counter.li.org/
//\ ----------------------
V_/_ Linux User # 253842
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi! roderick tapang wrote:> here''s the setup (two dsl - same provider) > > +-----> link1 > LAN----- linux box --| |----------internet > +-----> link2 > > the setup is ok in terms of the failover requirement. the other link > takes over when one is down. however, there is a very noticeable lag > when both lines are up. i''ve tried changing the weight value to a > higher one but the links are still under utilized and some client machines > playing games or mostly disconnected. taking down one link makes the > connection ok. > any suggestions? do i need to patch the kernel?I was in the situation like yours. Following the lartc howto did not result in correct functionality (not the same problems as yours). I managed to do it using these links: http://www.ssi.bg/~ja/nano.txt http://www.ssi.bg/~ja/#routes I had to read the nano howto about 5 times to understand it. -- Udv, Nandor _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, Can I know how is your failover works? Any additional scripts? Regards, ro0ot roderick tapang wrote:>here''s the setup (two dsl - same provider) > > +-----> link1 >LAN----- linux box --| |----------internet > +-----> link2 > >the setup is ok in terms of the failover requirement. the other link >takes over when one is down. however, there is a very noticeable lag >when both lines are up. i''ve tried changing the weight value to a >higher one but the links are still under utilized and some client machines >playing games or mostly disconnected. taking down one link makes the >connection ok. >any suggestions? do i need to patch the kernel? > >below is the script i''m using on a mandrake 10.1 box. > >thanks. >erik > ><start of script> >#!/bin/sh ># Iptables userspace executable >IPTABLES="/sbin/iptables" ># Internal Interface >NET_INT_INT=eth1 ># Internal IP >NET_INT_IP=192.168.0.101 ># Internal Subnet >NET_INT_SUB=/24 ># Internal Network >NET_INT_NET=192.168.0.0 ># First external interface >NET_EXT_INT1=eth0 ># First external IP >NET_EXT_IP1=192.168.1.7 ># First external interface''s gateway >NET_EXT_GW1=192.168.1.1 ># Second external interface >NET_EXT_INT2=eth2 ># Second external IP >NET_EXT_IP2=192.168.1.3 ># Second external interface''s gateway >NET_EXT_GW2=192.168.1.1 >echo "Flushing All Tables" >$IPTABLES -F >$IPTABLES -F -t nat >$IPTABLES -F -t mangle >$IPTABLES -X -t nat >$IPTABLES -X -t mangle >$IPTABLES -X > >$IPTABLES -t mangle -N ETH0 >$IPTABLES -t mangle -F ETH0 >$IPTABLES -t mangle -A ETH0 -j MARK --set-mark 1 > >$IPTABLES -t mangle -N ETH2 >$IPTABLES -t mangle -F ETH2 >$IPTABLES -t mangle -A ETH2 -j MARK --set-mark 2 > >$IPTABLES -t nat -N SPOOF_ETH0 >$IPTABLES -t nat -F SPOOF_ETH0" >$IPTABLES -t nat -A SPOOF_ETH0 -j SNAT --to ${NET_EXT_IP1} > >$IPTABLES -t nat -N SPOOF_ETH2 >$IPTABLES -t nat -F SPOOF_ETH2H2 " >$IPTABLES -t nat -A SPOOF_ETH2 -j SNAT --to ${NET_EXT_IP2} > >echo "Setting some local network rules..." >$IPTABLES -A INPUT -p icmp -s ${NET_INT_NET}/24 -d ${NET_INT_IP} -j ACCEPT > >echo "Setting Mangle rules for eth0..." >$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH0 >$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random >--average 50 -j ETH0 >ip ro add table 10 default via ${NET_EXT_GW1} dev ${NET_EXT_INT1} >ip ru add fwmark 1 table 10 >ip ro fl ca > >echo "Setting Mangle rules for eth2..." >$IPTABLES -t mangle -A OUTPUT -o ! ${NET_INT_INT} -m random --average 50 -j ETH2 >$IPTABLES -t mangle -A PREROUTING -i ${NET_INT_INT} -m random >--average 50 -j ETH2 >ip ro add table 20 default via ${NET_EXT_GW2} dev ${NET_EXT_INT2} >ip ru add fwmark 2 table 20 >ip ro fl ca > >echo "Setting up spoofing rules..." >$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT1} -j SPOOF_ETH0 >$IPTABLES -t nat -A POSTROUTING -o ${NET_EXT_INT2} -j SPOOF_ETH2 > >echo "Adding default route..." >ip ro add default nexthop via ${NET_EXT_GW1} dev ${NET_EXT_INT1} >weight 1 nexthop via ${NET_EXT_GW2} dev ${NET_EXT_INT2} weight 1 > >echo "Disabling Reverse Path Filtering..." >echo 0> /proc/sys/net/ipv4/conf/eth0/rp_filter >echo 0> /proc/sys/net/ipv4/conf/eth2/rp_filter > >echo "Enabling IPv4 Packet forwarding..." >echo "1"> /proc/sys/net/ipv4/ip_forward ><end of script> > > >_______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/