Hello,
I have two connections. One wireless (wlan0) and one wired (eth0).
They are a bit slow, so I thought that I could use both to have a faster internet connection (this is load-balancing, isn't it?).
Is mode balance-tlb right for me?
Also a problem:
$ netcfg bonded
:: bonded up [ BUSY ]
> Slave eth0 is down and timeout reached
> Slave wlan0 is down and timeout reached
> No slaves up, aborting
configs:
/etc/network.d/bonded:
#CONNECTION="bond"
#DESCRIPTION='Bond Interface'
#INTERFACE='bond0'
#IP='static'
#ADDR="10.0.0.1"
#NETMASK="255.0.0.0"
#SLAVE_INTERFACES=("eth0" "wlan0")
#SKIPNOCARRIER="yes"
CONNECTION="bonding"
INTERFACE="bond0"
SLAVES="eth0 wlan0"
IP="dhcp"
DHCP_TIMEOUT=10
SLAVE_TIMEOUT=5
/etc/network.d/home:
CONNECTION='ethernet'
DESCRIPTION='A basic static ethernet connection using iproute'
INTERFACE='eth0'
IP='static'
ADDR='192.168.1.95'
#ROUTES=('192.168.0.0/24 via 192.168.1.2')
GATEWAY='192.168.1.1'
DNS=('8.8.8.8', '8.8.4.4')
## For IPv6 autoconfiguration
#IP6=stateless
## For IPv6 static address configuration
#IP6='static'
#ADDR6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
#ROUTES6=('abcd::1234')
#GATEWAY6='1234:0:123::abcd'
/etc/network.d/wifi:
CONNECTION='wireless'
DESCRIPTION='A simple WEP encrypted wireless connection'
INTERFACE='wlan0'
SECURITY='wep'
ESSID='wifi'
KEY='abcd'
IP='dhcp'
# Uncomment this if your ssid is hidden
#HIDDEN=yes
## Uncomment if you are using an ad-hoc connection
#ADHOC=1
#IP="static"
#IFOPTS="0.0.0.0"
#PRE_UP="ifenslave bond0 wlan0"
#PRE_DOWN="ifenslave -d bond0 wlan0"
/etc/modprobe.d/bonding.conf:
options bonding mode=balance-tlb
options bonding miimon=100
options bonding primary=eth0
/etc/conf.d/bonding:
empty (only comments)
/etc/conf.d/netcfg:
# Enable these netcfg profiles at boot time.
# - prefix an entry with a '@' to background its startup
# - set to 'last' to restore the profiles running at the last shutdown
# - set to 'menu' to present a menu (requires the dialog package)
# Network profiles are found in /etc/network.d
#NETWORKS=(last)
NETWORKS=(bonded wifi)
# Specify the name of your wired interface for net-auto-wired
#WIRED_INTERFACE="eth0"
# Specify the name of your wireless interface for net-auto-wireless
#WIRELESS_INTERFACE="wlan0"
# Array of profiles that may be started by net-auto-wireless.
# When not specified, all wireless profiles are considered.
#AUTO_PROFILES=("profile1" "profile2")
NOTE: I use systemd
resources to set all these up: http://www.codekoala.com/blog/2012/bond … rch-linux/, https://wiki.archlinux.org/index.php/Co … ng_Network
Please tell me if you want any more info.
Thank you in advance!
Last edited by ttouch (2012-10-28 14:11:35)
GitHub | Git Server | Blog
Load balancing between two connections will only help if the reason for the slowness is not the internet connection going to your place. In that case the traffic coming from only your ethernet is just as fast as the traffic coming from two different sources. Are you sure the two connections are really independent from each other and not going through the same router in any way?
yes, I am.
2 different ISPs, 2 different routers, 2 different networks
GitHub | Git Server | Blog
Ok. The key issue seems to be systemd, given that most resources you can find are about sysvinit.
Here is another post with systemd in mind.
https://failprevent.wordpress.com/2012/ … d-systemd/
the part that I can't understand is how will I configure wlan0 to connect to the wifi and eth0 have static ip?
I do not activate any other netcfg profile! only bond!
GitHub | Git Server | Blog
No, bonding is not what you want.
Bonding joins two physical network connections to the same network into 1 logical connection.
You need policy based routing to do what you're after. This script I wrote a while ago might help:
https://github.com/fukawi2/pb-route
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
no. round-robin is not what I'm looking for.
I am 99% sure that bonding in mode balance-tlb is just what I need.
Also how can I "undo" what your script does? (I have no idea of ip tables)
GitHub | Git Server | Blog
You should heed fukawi2's advice. I've seen him solve enough network-related issues that I've come to associate razzing primates with network mastery.
Plus, it is my understanding as well that bonding requires the connections to be on the same network. You have connections to different routers to different ISPs. Ask yourself, how would binding them allow the system to determine to which one to send network requests?
If that's not enough to convince you, consider this snippet from the Linux Bonding Driver Modes section of Wikipedia's Link aggregation page:
Adaptive transmit load balancing (balance-tlb)
linux bonding driver mode that does not require any special network switch support. The outgoing network packet traffic is distributed according to the current load (computed relative to the speed) on each network interface slave. Incoming traffic is received by one currently designated slave network interface. If this receiving slave fails, another slave takes over the MAC address of the failed receiving slave.
Last edited by alphaniner (2012-11-01 18:54:50)
But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner
ok!
@fukawi2: script spits some errors, that some vars are not defined...
pb-route.conf:
# Set to 0 if you want the script to actually implement the rules
# it generates. DO NOT DO THIS WITHOUT TESTING THE OUTPUT FIRST!!
print_only = 1
#
# IP Address and Name of Interface 1, plus
# IP Address and MAC Address of Gateway 1
#ip1 = a.b.c.d
#if1 = eth0
#gw1ip = x.x.x.x
# Optional
#;gw1mac = aa:aa:aa:aa:aa
#;ip1speed = 1500 # In kilobytes, not kilobits
ip1 = 192.168.178.95
gw1ip = 192.168.178.1
ip1speed = 55
#
# IP Address and Name of Interface 2, plus
# IP Address and MAC Address of Gateway 2
#ip2 = w.x.y.z
#if2 = eth2
#gw2ip = y.y.y.y
# Optional
#;gw2mac = bb:bb:bb:bb:bb
#;ip2speed = 1500 # In kilobytes, not kilobits
ip2 = 192.168.1.95
gw2ip = 192.168.1.1
ip2speed = 32
#
# SNAT
# These source address will be Source NAT'ed as they exit outbound
snat = 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
#
# DEFAULT POLICY
# Anything not matched in the POLICIES (below) will be
# subject to default routing
# gw1 = Route via gw1
# gw2 = Route via gw2
# balanced = round-robin balance between both gateways
default = balanced
#
# POLICIES
#
#port = 80 gw2 # WEB
#port = 443 gw2 # WEB
#port = 21 gw1 # FTP
#port = 22 gw2 # SSH
#destination = 74.125.0.0/16 gw1 # GMail IMAP
#destination = 209.0.0.0/8 gw1 # IP-Chicken is here
#proto = icmp gw2 # ICMP via gateway 2
Also, the command line arguments do not work. I have no idea of Perl, so could you fix this?
Last edited by ttouch (2012-11-01 20:07:38)
GitHub | Git Server | Blog
> You should heed fukawi2's advice. I've seen him solve enough network-related issues that I've come to associate razzing primates with network mastery.
lol, thanks alphaniner
@ttouch
My apologies if the script doesn't work for you; it was something I threw together before I forgot how to do that stuff so I'd have something to come back to next time I needed it, and I never completely "polished" it. I don't have time at the moment to dig into it too far.
These articles explain the actual process of setting up load-balancing between multiple ISP connections;
http://www.diegolima.org/wordpress/?p=36
http://linux-ip.net/html/adv-multi-internet.html
EDIT: to explain the technical difference between bonding and what you're trying to do, bonding joins multiple Layer 1 devices to provide a single Layer 2 (switching) object. Multiple ISP connections need to be "joined" (balanced) at minimum using Layer 3 (routing) because your ISP is expecting IP packets from your end, not switched packets.
FTR, to wipe your iptables rules:
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
Last edited by fukawi2 (2012-11-01 22:14:32)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
What more configuration is needed? I mean netcfg profiles or what?
GitHub | Git Server | Blog
Sorry for the delayed reply; been AFK for a long weekend here
> What more configuration is needed? I mean netcfg profiles or what?
You configure your network interfaces as normal using your preferred method (netcfg or whatever).
You then configure multiple routing tables (using iproute2 package) to load-balance between the 2 configured interfaces.
Last edited by fukawi2 (2012-11-07 01:04:00)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
there is a problem with the multiple gateways...:(
I made a diagram:
made with Dia
GitHub | Git Server | Blog
ok, problem with multiple gateways was solved, I just commented the "gateway" in netcfg.
now I get this warning: WARNING: The state match is obsolete. Use conntrack instead.
Do I have to care about it?
GitHub | Git Server | Blog
> now I get this warning: WARNING: The state match is obsolete. Use conntrack instead.
> Do I have to care about it?
It's not a critical problem until the 'state' module is properly removed. To fix it, just change any iptables rules that use "-m state --state" to "-m conntrack --ctstate"
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
I haven't tried with this fix. I will try it tomorrow.
When I configure my network with netcfg (so I have access to both lans) and haven't set any gateway and execute your script, nothing changes.
I systemctl start iptables before and after the script execution, but nothing changes.
Thank you for your help and patience until now, fukawi2.
GitHub | Git Server | Blog
What is the output of `ip r s table all`?
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
default via 192.168.1.1 dev wlan0 table ISP2
192.168.1.0/24 dev wlan0 table ISP2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table ISP1
192.168.1.0/24 dev wlan0 table ISP1 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP1 proto kernel scope link src 192.168.178.95
default via 192.168.1.1 dev wlan0 table 2
192.168.1.0/24 dev wlan0 table 2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table 2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table 1
192.168.178.0/24 dev wlan0 table 1 proto kernel scope link src 192.168.178.95
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev wlan0 table local proto kernel scope link src 192.168.1.95
local 192.168.1.95 dev wlan0 table local proto kernel scope host src 192.168.1.95
broadcast 192.168.1.255 dev wlan0 table local proto kernel scope link src 192.168.1.95
broadcast 192.168.178.0 dev eth0 table local proto kernel scope link src 192.168.178.95
local 192.168.178.95 dev eth0 table local proto kernel scope host src 192.168.178.95
broadcast 192.168.178.255 dev eth0 table local proto kernel scope link src 192.168.178.95
local ::1 dev lo proto kernel metric 256
unreachable fe80::/64 dev lo proto kernel metric 256 error -101
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 hoplimit 255
local ::1 via :: dev lo table local proto none metric 0
local fe80::208:caff:fe33:ab35 via :: dev lo table local proto none metric 0
local fe80::ca60:ff:fe3c:fc2f via :: dev lo table local proto none metric 0
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev wlan0 table local metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 hoplimit 255
192.168.178.1 is my main ISP on eth0
192.168.1.1 is my secondary ISP on wlan0
Last edited by ttouch (2012-11-13 12:39:40)
GitHub | Git Server | Blog
OK, so you seem to have 5 tables: 1, 2, ISP1, ISP2, and the system default (254).
Table 1 is missing the route for 192.168.1.0/24 via dev wlan0, but other than that they look OK. Table 1 and Table ISP1 are duplicates, so you can choose which one you want to keep and delete the other. Same for Table 2 and ISP2.
What does your `iptables -nvL -t mangle` output look like?
Posting the output of my script too, if you're still using that, would be good.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
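An added example (not part of any post in this thread, and not pb-route's code): the per-table review described in the reply above, run over sample lines copied from the `ip r s table all` output posted earlier. The function names and finding labels are hypothetical; the check compares prefixes only, not devices.

```shell
#!/bin/bash
# Added example, not from the thread. Function names and finding labels are
# hypothetical. Live use: ip route show table all | audit_tables

# Sample input: lines copied from the `ip r s table all` output posted above.
sample_routes() {
cat <<'EOF'
default via 192.168.1.1 dev wlan0 table ISP2
192.168.1.0/24 dev wlan0 table ISP2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table ISP1
192.168.1.0/24 dev wlan0 table ISP1 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP1 proto kernel scope link src 192.168.178.95
default via 192.168.1.1 dev wlan0 table 2
192.168.1.0/24 dev wlan0 table 2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table 2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table 1
192.168.178.0/24 dev wlan0 table 1 proto kernel scope link src 192.168.178.95
local 192.168.1.95 dev wlan0 table local proto kernel scope host src 192.168.1.95
fe80::/64 dev eth0 proto kernel metric 256
unreachable default dev lo table unspec proto kernel metric 4294967295 error -101 hoplimit 255
EOF
}

# For every custom table report: no default route, a directly connected
# prefix that the main table has but this table lacks, and an earlier table
# that already uses the same default gateway and device.
audit_tables() {
  awk '
    /:/ { next }                               # IPv6 routes are out of scope here
    {
      tbl = "main"                             # lines without "table X" are main
      for (i = 1; i < NF; i++) if ($i == "table") tbl = $(i + 1)
      if (tbl == "local" || tbl == "unspec") next
      if (tbl != "main" && !(tbl in seen)) { seen[tbl] = 1; order[++n] = tbl }
      if ($1 == "default") {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
          if ($i == "via") gw = $(i + 1)
          if ($i == "dev") dev = $(i + 1)
        }
        dflt[tbl] = gw " dev " dev
      } else if ($0 ~ /scope link/) {
        has[tbl, $1] = 1
        if (tbl == "main") connected[$1] = 1
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        t = order[k]
        if (!(t in dflt)) print "no-default " t
        for (p in connected)
          if (!((t, p) in has)) print "missing-connected " t " " p
        for (j = 1; j < k; j++)
          if ((t in dflt) && (order[j] in dflt) && dflt[order[j]] == dflt[t])
            print "same-default " order[j] " " t " via " dflt[t]
      }
    }' | LC_ALL=C sort
}

sample_routes | audit_tables
```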
Chain PREROUTING (policy ACCEPT 1170K packets, 1066M bytes)
pkts bytes target prot opt in out source destination
1170K 1066M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x1
Chain INPUT (policy ACCEPT 1169K packets, 1066M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1001K packets, 112M bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1001K packets, 112M bytes)
pkts bytes target prot opt in out source destination
GitHub | Git Server | Blog
I created a script with the output of your script as I get errors when running it as root. Here is the script:
#!/bin/bash
/usr/sbin/ip route flush table ISP1 2>/dev/null
/usr/sbin/ip rule del fwmark 101 table ISP1 2>/dev/null
/usr/sbin/ip route add table ISP1 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.31 metric 202 2>/dev/null
/usr/sbin/ip route add table ISP1 default via 192.168.178.1 dev eth0
/usr/sbin/ip rule add fwmark 101 table ISP1
/usr/sbin/ip route flush table ISP2 2>/dev/null
/usr/sbin/ip rule del fwmark 102 table ISP2 2>/dev/null
/usr/sbin/ip route add table ISP2 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.31 metric 202 2>/dev/null
/usr/sbin/ip route add table ISP2 default via 192.168.1.1 dev wlan0
/usr/sbin/ip rule add fwmark 102 table ISP2
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -N MARK-gw1
/usr/sbin/iptables -t mangle -A MARK-gw1 -m comment --comment 'send via 192.168.178.1' -j MARK --set-mark 101
/usr/sbin/iptables -t mangle -A MARK-gw1 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw1 -j RETURN
/usr/sbin/iptables -t mangle -N MARK-gw2
/usr/sbin/iptables -t mangle -A MARK-gw2 -m comment --comment 'send via 192.168.1.1' -j MARK --set-mark 102
/usr/sbin/iptables -t mangle -A MARK-gw2 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw2 -j RETURN
/usr/sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment "this stream is already marked; escape early" -m mark ! --mark 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i eth0 -m state --state NEW -j MARK-gw1
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i wlan0 -m state --state NEW -j MARK-gw2
/usr/sbin/iptables -t mangle -N DEF_POL
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p udp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound eth0' -o eth0 -s 192.168.0.0/16 -m mark --mark 101 -j SNAT --to-source 192.168.178.95
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound wlan0' -o wlan0 -s 192.168.0.0/16 -m mark --mark 102 -j SNAT --to-source 192.168.1.95
/usr/sbin/ip route flush cache
And here is the output:
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
GitHub | Git Server | Blog
> I created a script with the output of your script as I get errors when running it as root. Here is the script:
That all looks OK to me.
> And here is the output:
Those are warnings, not errors. They shouldn't matter, but try this instead:
#!/bin/bash
/usr/sbin/ip route flush table ISP1 2>/dev/null
/usr/sbin/ip rule del fwmark 101 table ISP1 2>/dev/null
/usr/sbin/ip route add table ISP1 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.31 metric 202 2>/dev/null
/usr/sbin/ip route add table ISP1 default via 192.168.178.1 dev eth0
/usr/sbin/ip rule add fwmark 101 table ISP1
/usr/sbin/ip route flush table ISP2 2>/dev/null
/usr/sbin/ip rule del fwmark 102 table ISP2 2>/dev/null
/usr/sbin/ip route add table ISP2 192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.31 metric 202 2>/dev/null
/usr/sbin/ip route add table ISP2 default via 192.168.1.1 dev wlan0
/usr/sbin/ip rule add fwmark 102 table ISP2
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -N MARK-gw1
/usr/sbin/iptables -t mangle -A MARK-gw1 -m comment --comment 'send via 192.168.178.1' -j MARK --set-mark 101
/usr/sbin/iptables -t mangle -A MARK-gw1 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw1 -j RETURN
/usr/sbin/iptables -t mangle -N MARK-gw2
/usr/sbin/iptables -t mangle -A MARK-gw2 -m comment --comment 'send via 192.168.1.1' -j MARK --set-mark 102
/usr/sbin/iptables -t mangle -A MARK-gw2 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw2 -j RETURN
/usr/sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment "this stream is already marked; escape early" -m mark ! --mark 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i eth0 -m conntrack --ctstate NEW -j MARK-gw1
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i wlan0 -m conntrack --ctstate NEW -j MARK-gw2
/usr/sbin/iptables -t mangle -N DEF_POL
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound eth0' -o eth0 -s 192.168.0.0/16 -m mark --mark 101 -j SNAT --to-source 192.168.178.95
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound wlan0' -o wlan0 -s 192.168.0.0/16 -m mark --mark 102 -j SNAT --to-source 192.168.1.95
/usr/sbin/ip route flush cache
Make sure all those rules are put into the kernel properly -- check the output of `iptables -t mangle -nvL`
Last edited by fukawi2 (2012-11-14 22:25:01)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Ok, now it executes successfully. However I have no internet connectivity.
All I do is to configure the interfaces via netcfg (no gateways anywhere) and then I execute your script.
In order to have internet, I should "ip route add default via 192.168.178.1" which is just a regular network set up.
Any idea what's going on?
GitHub | Git Server | Blog
Does the output of `iptables -t mangle -nvL` indicate that any of those rules are being hit against? The first 2 columns should have numbers > 0 if they are being hit.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
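An added example (not part of any post, and not pb-route's code) of the counter check asked for above: it reads text in the layout printed by `iptables -t mangle -nvL`, expands the K/M/G suffixes in the pkts column, and lists rules that were never hit. It goes one step further than the post by also flagging user-defined chains shown with `0 references`; the sample input is constructed and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
# Live use: iptables -t mangle -nvL | audit_hits

# Constructed sample in the layout printed by `iptables -t mangle -nvL`.
sample_mangle() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1170K packets, 1066M bytes)
 pkts bytes target     prot opt in     out     source               destination
1170K 1066M CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            CONNMARK restore
1169K 1066M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match ! 0x0
  412 24720 MARK-gw1   all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            ctstate NEW

Chain OUTPUT (policy ACCEPT 1001K packets, 112M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DEF_POL (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK-gw1   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate NEW statistic mode nth every 2

Chain MARK-gw1 (2 references)
 pkts bytes target     prot opt in     out     source               destination
  412 24720 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x65
EOF
}

# Print one line per rule: "<chain> <target> <packets>".
# iptables rounds large counters to K/M/G (powers of 1000), so the expanded
# value is approximate; the -x option prints exact counters instead.
rule_hits() {
  awk '
    function expand(v,   n, s) {          # 1170K -> 1170000
      n = v + 0; s = substr(v, length(v))
      if (s == "K") n *= 1000
      if (s == "M") n *= 1000000
      if (s == "G") n *= 1000000000
      return n
    }
    $1 == "Chain" { chain = $2; next }    # remember which chain we are in
    NF == 0 || $1 == "pkts" { next }      # skip blank lines and column headers
    { printf "%s %s %.0f\n", chain, $3, expand($1) }'
}

# Flag chains nothing jumps to, then rules whose packet counter is still 0.
audit_hits() {
  local text
  text=$(cat)
  printf '%s\n' "$text" | awk '$1 == "Chain" && $3 == "(0" { print "unreferenced " $2 }'
  printf '%s\n' "$text" | rule_hits | awk '$3 == 0 { print "zero-hit " $1 " " $2 }'
}

sample_mangle | audit_hits
```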