#1 2012-10-28 14:09:21

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Network bonding

Hello,

I have two connections. One wireless (wlan0) and one wired (eth0).
They are a bit slow, so I thought that I could use both to have a faster internet connection (this is load-balancing, isn't it?).
Is mode balance-tlb right for me?
Also a problem:

$ netcfg bonded 
:: bonded up                                       [ BUSY ]
  > Slave eth0 is down and timeout reached
  > Slave wlan0 is down and timeout reached
  > No slaves up, aborting

configs:
/etc/network.d/bonded:

#CONNECTION="bond"
#DESCRIPTION='Bond Interface'
#INTERFACE='bond0'
#IP='static'
#ADDR="10.0.0.1"
#NETMASK="255.0.0.0"
#SLAVE_INTERFACES=("eth0" "wlan0")
#SKIPNOCARRIER="yes"

CONNECTION="bonding"
INTERFACE="bond0"
SLAVES="eth0 wlan0"
IP="dhcp"
DHCP_TIMEOUT=10
SLAVE_TIMEOUT=5

/etc/network.d/home:

CONNECTION='ethernet'
DESCRIPTION='A basic static ethernet connection using iproute'
INTERFACE='eth0'
IP='static'
ADDR='192.168.1.95'
#ROUTES=('192.168.0.0/24 via 192.168.1.2')
GATEWAY='192.168.1.1'
DNS=('8.8.8.8', '8.8.4.4')

## For IPv6 autoconfiguration
#IP6=stateless

## For IPv6 static address configuration
#IP6='static'
#ADDR6=('1234:5678:9abc:def::1/64' '1234:3456::123/96')
#ROUTES6=('abcd::1234')
#GATEWAY6='1234:0:123::abcd'

/etc/network.d/wifi:

CONNECTION='wireless'
DESCRIPTION='A simple WEP encrypted wireless connection'
INTERFACE='wlan0'
SECURITY='wep'
ESSID='wifi'
KEY='abcd'
IP='dhcp'
# Uncomment this if your ssid is hidden
#HIDDEN=yes
## Uncomment if you are using an ad-hoc connection
#ADHOC=1
#IP="static"
#IFOPTS="0.0.0.0"
#PRE_UP="ifenslave bond0 wlan0"
#PRE_DOWN="ifenslave -d bond0 wlan0"

/etc/modprobe.d/bonding.conf:

options bonding mode=balance-tlb
options bonding miimon=100
options bonding primary=eth0

/etc/conf.d/bonding:
empty (only comments)

/etc/conf.d/netcfg:

# Enable these netcfg profiles at boot time.
#   - prefix an entry with a '@' to background its startup
#   - set to 'last' to restore the profiles running at the last shutdown
#   - set to 'menu' to present a menu (requires the dialog package)
# Network profiles are found in /etc/network.d
#NETWORKS=(last)
NETWORKS=(bonded wifi)

# Specify the name of your wired interface for net-auto-wired
#WIRED_INTERFACE="eth0"

# Specify the name of your wireless interface for net-auto-wireless
#WIRELESS_INTERFACE="wlan0"

# Array of profiles that may be started by net-auto-wireless.
# When not specified, all wireless profiles are considered.
#AUTO_PROFILES=("profile1" "profile2")

NOTE: I use systemd
resources to set all these up: http://www.codekoala.com/blog/2012/bond … rch-linux/, https://wiki.archlinux.org/index.php/Co … ng_Network
please tell me if you want any more info.
Thank you in advance!

Last edited by ttouch (2012-10-28 14:11:35)

Offline

#2 2012-10-28 18:03:55

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,001
Website

Re: Network bonding

Load balancing between two connections will only help if the reason for the slowness is not the internet connection going to your place. In that case the traffic coming from only your ethernet is just as fast as the traffic coming from two different sources. Are you sure the two connections are really independent from each other and not going through the same router in any way?

Offline

#3 2012-10-28 18:10:20

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

yes, I am.
2 different ISPs, 2 different routers, 2 different networks

Offline

#4 2012-10-28 18:38:09

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,001
Website

Re: Network bonding

Ok. The key issue seems to be systemd, given that most resources you can find are about sysvinit.
Here is another post with systemd in mind.
https://failprevent.wordpress.com/2012/ … d-systemd/

Offline

#5 2012-10-28 18:53:07

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

the part that I can't understand is how will I configure wlan0 to connect to the wifi and eth0 have static ip?
I do not activate any other netcfg profile! only bond! hmm

Offline

#6 2012-10-31 21:09:27

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

bump

Offline

#7 2012-10-31 22:12:06

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

No, bonding is not what you want.

Bonding joins two physical network connections to the same network into 1 logical connection.

You need policy based routing to do what you're after. This script I wrote a while ago might help:
https://github.com/fukawi2/pb-route

Offline

#8 2012-11-01 18:18:45

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

no. round-robin is not what I'm looking for.
I am 99% sure that bonding on mode balancing-tlb is just what I need.
Also how can I "undo" what your script does? (I have no idea of ip tables)

Offline

#9 2012-11-01 18:53:55

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,571

Re: Network bonding

You should heed fukawi2's advice.  I've seen him solve enough network-related issues that I've come to associate razzing primates with network mastery.

Plus, it is my understanding as well that bonding requires the connections to be on the same network.  You have connections to different routers to different ISPs.  Ask yourself, how would binding them allow the system to determine to which one to send network requests?

If that's not enough to convince you, consider this snippet from the Linux Bonding Driver Modes section of Wikipedia's Link aggregation page:

Adaptive transmit load balancing (balance-tlb)
linux bonding driver mode that does not require any special network switch support. The outgoing network packet traffic is distributed according to the current load (computed relative to the speed) on each network interface slave. Incoming traffic is received by one currently designated slave network interface. If this receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

Last edited by alphaniner (2012-11-01 18:54:50)


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#10 2012-11-01 19:06:04

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

ok!
@fukawi2: script spits some errors, that some vars are not defined...
pb-route.conf:

# Set to 0 if you want the script to actually implement the rules
# it generates. DO NOT DO THIS WITHOUT TESTING THE OUTPUT FIRST!!
print_only = 1

#
# IP Address and Name of Interface 1, plus
# IP Address and MAC Address of Gateway 1
#ip1 = a.b.c.d
#if1 = eth0
#gw1ip = x.x.x.x
# Optional
#;gw1mac = aa:aa:aa:aa:aa
#;ip1speed = 1500	# In kilobytes, not kilobits

ip1 = 192.168.178.95
gw1ip = 192.168.178.1
ip1speed = 55

#
# IP Address and Name of Interface 2, plus
# IP Address and MAC Address of Gateway 2
#ip2 = w.x.y.z
#if2 = eth2
#gw2ip = y.y.y.y
# Optional
#;gw2mac = bb:bb:bb:bb:bb
#;ip2speed = 1500	# In kilobytes, not kilobits

ip2 = 192.168.1.95
gw2ip = 192.168.1.1
ip2speed = 32

#
# SNAT
# These source address will be Source NAT'ed as they exit outbound
snat = 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8

#
# DEFAULT POLICY
# Anything not matched in the POLICIES (below) will be
# subject to default routing
#      gw1 = Route via gw1
#      gw2 = Route via gw2
# balanced = round-robin balance between both gateways
default = balanced

#
# POLICIES
#
#port = 80 gw2	# WEB
#port = 443 gw2	# WEB
#port = 21 gw1	# FTP
#port = 22 gw2	# SSH
#destination = 74.125.0.0/16 gw1	# GMail IMAP
#destination = 209.0.0.0/8 gw1	# IP-Chicken is here
#proto = icmp gw2		# ICMP via gateway 2

also the command line arguments do not work. I have no idea of perl, so could you fix this?

Last edited by ttouch (2012-11-01 20:07:38)

Offline

#11 2012-11-01 22:11:16

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

alphaniner wrote:

You should heed fukawi2's advice.  I've seen him solve enough network-related issues that I've come to associate razzing primates with network mastery.

lol, thanks alphaniner :)

@ttouch
My apologies if the script doesn't work for you; it was something I threw together before I forgot how to do that stuff so I'd have something to come back to next time I needed it, and I never completely "polished" it. I don't have time at the moment to dig into it too far.
These articles explain the actual process of setting up load-balancing between multiple ISP connections;
http://www.diegolima.org/wordpress/?p=36
http://linux-ip.net/html/adv-multi-internet.html

EDIT: to explain the technical difference between bonding and what you're trying to do, bonding joins multiple Layer 1 devices to provide a single Layer 2 (switching) object. Multiple ISP connections need to be "joined" (balanced) at minimum using Layer 3 (routing) because your ISP is expecting IP packets from your end, not switched packets.

FTR, to wipe your iptables rules:

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X

Last edited by fukawi2 (2012-11-01 22:14:32)

Offline

#12 2012-11-06 13:28:06

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

what more configuration is needed? I mean netcfg profiles or what?

Offline

#13 2012-11-07 01:03:35

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

Sorry for the delayed reply; been AFK for a long weekend here :D

ttouch wrote:

what more configuration is needed? I mean netcfg profiles or what?

You configure your network interfaces as normal using your preferred method (netcfg or whatever).

You then configure multiple routing tables (using iproute2 package) to load-balance between the 2 configured interfaces.

Last edited by fukawi2 (2012-11-07 01:04:00)

Offline

#14 2012-11-10 10:43:05

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

there is a problem with the multiple gateways...:(
I made a diagram:
Load balancing
made with Dia

Offline

#15 2012-11-11 20:47:32

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

ok, problem with multiple gateways was solved, I just commented the "gateway" in netcfg.
now I get this warning: WARNING: The state match is obsolete. Use conntrack instead.
Do I have to care about it?

Offline

#16 2012-11-11 22:12:03

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

ttouch wrote:

now I get this warning: WARNING: The state match is obsolete. Use conntrack instead.
Do I have to care about it?

It's not a critical problem until the 'state' module is properly removed. To fix it, just change any iptables rules that use "-m state --state" to "-m conntrack --ctstate"

See here:
https://bbs.archlinux.org/viewtopic.php?id=131895

Offline

#17 2012-11-11 22:24:03

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

I haven't tried with this fix. I will try it tomorrow.
When I configure my network with netcfg (so I have access to both lans) and haven't set any gateway and execute your script, nothing changes.
I systemctl start iptables before and after the script execution, but nothing changes.
thank you for your help and patience until now fukawi2.

Offline

#18 2012-11-12 22:45:57

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

What is the output of `ip r s table all`?

Offline

#19 2012-11-13 12:39:07

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

default via 192.168.1.1 dev wlan0  table ISP2 
192.168.1.0/24 dev wlan0  table ISP2  proto kernel  scope link  src 192.168.1.95 
192.168.178.0/24 dev eth0  table ISP2  proto kernel  scope link  src 192.168.178.95 
default via 192.168.178.1 dev eth0  table ISP1 
192.168.1.0/24 dev wlan0  table ISP1  proto kernel  scope link  src 192.168.1.95 
192.168.178.0/24 dev eth0  table ISP1  proto kernel  scope link  src 192.168.178.95 
default via 192.168.1.1 dev wlan0  table 2 
192.168.1.0/24 dev wlan0  table 2  proto kernel  scope link  src 192.168.1.95 
192.168.178.0/24 dev eth0  table 2  proto kernel  scope link  src 192.168.178.95 
default via 192.168.178.1 dev eth0 
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.95 
192.168.178.0/24 dev eth0  proto kernel  scope link  src 192.168.178.95 
default via 192.168.178.1 dev eth0  table 1 
192.168.178.0/24 dev wlan0  table 1  proto kernel  scope link  src 192.168.178.95 
broadcast 127.0.0.0 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.1 dev lo  table local  proto kernel  scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo  table local  proto kernel  scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev wlan0  table local  proto kernel  scope link  src 192.168.1.95 
local 192.168.1.95 dev wlan0  table local  proto kernel  scope host  src 192.168.1.95 
broadcast 192.168.1.255 dev wlan0  table local  proto kernel  scope link  src 192.168.1.95 
broadcast 192.168.178.0 dev eth0  table local  proto kernel  scope link  src 192.168.178.95 
local 192.168.178.95 dev eth0  table local  proto kernel  scope host  src 192.168.178.95 
broadcast 192.168.178.255 dev eth0  table local  proto kernel  scope link  src 192.168.178.95 
local ::1 dev lo  proto kernel  metric 256 
unreachable fe80::/64 dev lo  proto kernel  metric 256  error -101
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev wlan0  proto kernel  metric 256 
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101 hoplimit 255
local ::1 via :: dev lo  table local  proto none  metric 0 
local fe80::208:caff:fe33:ab35 via :: dev lo  table local  proto none  metric 0 
local fe80::ca60:ff:fe3c:fc2f via :: dev lo  table local  proto none  metric 0 
ff00::/8 dev eth0  table local  metric 256 
ff00::/8 dev wlan0  table local  metric 256 
unreachable default dev lo  table unspec  proto kernel  metric 4294967295  error -101 hoplimit 255

192.168.178.1 is my main ISP on eth0
192.168.1.1 is my secondary ISP on wlan0

Last edited by ttouch (2012-11-13 12:39:40)

Offline

#20 2012-11-13 22:13:35

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

OK, so you seem to have 5 tables: 1, 2, ISP1, ISP2, and the system default (254).

Table 1 is missing the route for 192.168.1.0/24 via dev wlan0, but other than that they look OK. Table 1 and Table ISP1 are duplicates, so you can choose which one you want to keep and delete the other. Same for Table 2 and ISP2.

What does your `iptables -nvL -t mangle` output look like?

Posting the output of my script too, if you're still using it, would be good.

Offline
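The kind of check done by eye in the post above (a policy table lacking a connected route that the main table has, and tables sharing the same default route) can be scripted. This is an added example, not part of the original thread and not taken from pb-route; the function names and output format are assumptions, and the sample input is constructed, modelled on the output posted in #19.

```shell
#!/bin/sh
# Added example: audit `ip route show table all` output for policy-routing tables.
# On a live system: ip route show table all | audit_route_tables

# Constructed sample (IPv4 routes in four policy tables plus main, one
# "local" entry and one IPv6 entry that the audit must ignore).
sample_routes() {
cat <<'EOF'
default via 192.168.1.1 dev wlan0 table ISP2
192.168.1.0/24 dev wlan0 table ISP2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table ISP1
192.168.1.0/24 dev wlan0 table ISP1 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table ISP1 proto kernel scope link src 192.168.178.95
default via 192.168.1.1 dev wlan0 table 2
192.168.1.0/24 dev wlan0 table 2 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 table 2 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.95
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.95
default via 192.168.178.1 dev eth0 table 1
192.168.178.0/24 dev eth0 table 1 proto kernel scope link src 192.168.178.95
local 192.168.1.95 dev wlan0 table local proto kernel scope host src 192.168.1.95
fe80::/64 dev eth0 proto kernel metric 256
EOF
}

# Prints one line per finding:
#   missing <table> <prefix> dev <if>       connected route in main, absent in <table>
#   same-default <t1> <t2> via <gw> dev <if>  two policy tables with one default route
audit_route_tables() {
    awk '
    index($0, ":") { next }          # IPv6 lines are out of scope for this check
    {
        table = "main"; dev = ""; via = ""; scope = ""
        for (i = 1; i < NF; i++) {
            if ($i == "table") table = $(i + 1)
            else if ($i == "dev") dev = $(i + 1)
            else if ($i == "via") via = $(i + 1)
            else if ($i == "scope") scope = $(i + 1)
        }
        if (table == "local" || table == "unspec") next
        if (table != "main" && !(table in seen)) {
            seen[table] = 1
            order[++nt] = table          # remember policy tables in input order
        }
        if ($1 == "default") {
            def[table] = "via " via " dev " dev
        } else if (scope == "link") {
            key = $1 " dev " dev
            has[table, key] = 1
            if (table == "main") mainlink[++nm] = key
        }
    }
    END {
        for (t = 1; t <= nt; t++)
            for (m = 1; m <= nm; m++)
                if (!((order[t], mainlink[m]) in has))
                    print "missing " order[t] " " mainlink[m]
        for (a = 1; a <= nt; a++)
            for (b = a + 1; b <= nt; b++)
                if (def[order[a]] != "" && def[order[a]] == def[order[b]])
                    print "same-default " order[a] " " order[b] " " def[order[a]]
    }'
}

sample_routes | audit_route_tables
```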

#21 2012-11-14 12:39:20

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

Chain PREROUTING (policy ACCEPT 1170K packets, 1066M bytes)
 pkts bytes target     prot opt in     out     source               destination         
1170K 1066M MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0            MARK set 0x1

Chain INPUT (policy ACCEPT 1169K packets, 1066M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1001K packets, 112M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1001K packets, 112M bytes)
 pkts bytes target     prot opt in     out     source               destination

Offline

#22 2012-11-14 18:17:45

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

I created a script with the output of your script as I get errors when running it as root. Here is the script:

#!/bin/bash
/usr/sbin/ip route flush table ISP1 2>/dev/null
/usr/sbin/ip rule del fwmark 101 table ISP1 2>/dev/null
/usr/sbin/ip route add table ISP1 192.168.178.0/24 dev eth0 proto kernel  scope link  src 192.168.178.31  metric 202 2>/dev/null
/usr/sbin/ip route add table ISP1 default via 192.168.178.1 dev eth0
/usr/sbin/ip rule add fwmark 101 table ISP1
/usr/sbin/ip route flush table ISP2 2>/dev/null
/usr/sbin/ip rule del fwmark 102 table ISP2 2>/dev/null
/usr/sbin/ip route add table ISP2 192.168.178.0/24 dev eth0 proto kernel  scope link  src 192.168.178.31  metric 202 2>/dev/null
/usr/sbin/ip route add table ISP2 default via 192.168.1.1 dev wlan0
/usr/sbin/ip rule add fwmark 102 table ISP2
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -N MARK-gw1
/usr/sbin/iptables -t mangle -A MARK-gw1 -m comment --comment 'send via 192.168.178.1' -j MARK --set-mark 101
/usr/sbin/iptables -t mangle -A MARK-gw1 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw1 -j RETURN
/usr/sbin/iptables -t mangle -N MARK-gw2
/usr/sbin/iptables -t mangle -A MARK-gw2 -m comment --comment 'send via 192.168.1.1' -j MARK --set-mark 102
/usr/sbin/iptables -t mangle -A MARK-gw2 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw2 -j RETURN
/usr/sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment "this stream is already marked; escape early" -m mark ! --mark 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i eth0 -m state --state NEW -j MARK-gw1
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i wlan0 -m state --state NEW -j MARK-gw2
/usr/sbin/iptables -t mangle -N DEF_POL
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p udp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m state --state NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound eth0' -o eth0 -s 192.168.0.0/16 -m mark --mark 101 -j SNAT --to-source 192.168.178.95
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound wlan0' -o wlan0 -s 192.168.0.0/16 -m mark --mark 102 -j SNAT --to-source 192.168.1.95
/usr/sbin/ip route flush cache

And here is the output:

WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.
WARNING: The state match is obsolete. Use conntrack instead.

Offline

#23 2012-11-14 22:23:51

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

ttouch wrote:

I created a script with the output of your script as I get errors when running it as root. Here is the script:

That all looks OK to me.

ttouch wrote:

And here is the output:

Those are warnings, not errors. They shouldn't matter, but try this instead:

#!/bin/bash
/usr/sbin/ip route flush table ISP1 2>/dev/null
/usr/sbin/ip rule del fwmark 101 table ISP1 2>/dev/null
/usr/sbin/ip route add table ISP1 192.168.178.0/24 dev eth0 proto kernel  scope link  src 192.168.178.31  metric 202 2>/dev/null
/usr/sbin/ip route add table ISP1 default via 192.168.178.1 dev eth0
/usr/sbin/ip rule add fwmark 101 table ISP1
/usr/sbin/ip route flush table ISP2 2>/dev/null
/usr/sbin/ip rule del fwmark 102 table ISP2 2>/dev/null
/usr/sbin/ip route add table ISP2 192.168.178.0/24 dev eth0 proto kernel  scope link  src 192.168.178.31  metric 202 2>/dev/null
/usr/sbin/ip route add table ISP2 default via 192.168.1.1 dev wlan0
/usr/sbin/ip rule add fwmark 102 table ISP2
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
/usr/sbin/iptables -t mangle -N MARK-gw1
/usr/sbin/iptables -t mangle -A MARK-gw1 -m comment --comment 'send via 192.168.178.1' -j MARK --set-mark 101
/usr/sbin/iptables -t mangle -A MARK-gw1 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw1 -j RETURN
/usr/sbin/iptables -t mangle -N MARK-gw2
/usr/sbin/iptables -t mangle -A MARK-gw2 -m comment --comment 'send via 192.168.1.1' -j MARK --set-mark 102
/usr/sbin/iptables -t mangle -A MARK-gw2 -j CONNMARK --save-mark
/usr/sbin/iptables -t mangle -A MARK-gw2 -j RETURN
/usr/sbin/iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment "this stream is already marked; escape early" -m mark ! --mark 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i eth0 -m conntrack --ctstate NEW -j MARK-gw1
/usr/sbin/iptables -t mangle -A PREROUTING -m comment --comment 'prevent asynchronous routing' -i wlan0 -m conntrack --ctstate NEW -j MARK-gw2
/usr/sbin/iptables -t mangle -N DEF_POL
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p tcp -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'default balancing' -p udp -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 tcp' -m mark --mark 0 -p tcp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j MARK-gw1
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw1 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 0 -j ACCEPT
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j MARK-gw2
/usr/sbin/iptables -t mangle -A DEF_POL -m comment --comment 'balance gw2 udp' -m mark --mark 0 -p udp -m conntrack --ctstate NEW -m statistic --mode nth --every 2 --packet 1 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound eth0' -o eth0 -s 192.168.0.0/16 -m mark --mark 101 -j SNAT --to-source 192.168.178.95
/usr/sbin/iptables -t nat -A POSTROUTING -m comment --comment 'snat outbound wlan0' -o wlan0 -s 192.168.0.0/16 -m mark --mark 102 -j SNAT --to-source 192.168.1.95
/usr/sbin/ip route flush cache

Make sure all those rules are put into the kernel properly -- check the output of `iptables -t mangle -nvL`

Last edited by fukawi2 (2012-11-14 22:25:01)

Offline

#24 2012-11-15 20:07:40

ttouch
Member
From: /dev/null
Registered: 2012-05-27
Posts: 129
Website

Re: Network bonding

Ok, now it executes successfully. However I have no internet connectivity.
All I do is to configure the interfaces via netcfg (no gateways anywhere) and then I execute your script.
In order to have internet, I should "ip route add default via 192.168.178.1" which is just a regular network set up.
Any idea what's going on?

Offline

#25 2012-11-18 22:17:57

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,253
Website

Re: Network bonding

Does the output of `iptables -t mangle -nvL` indicate that any of those rules are being hit against? The first 2 columns should have numbers > 0 if they are being hit.

Offline
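The counter check asked for above can be automated: read `iptables -t mangle -nvL` output, list every rule whose packet counter is still 0, and flag user-defined chains that nothing jumps to. This is an added example, not part of the original thread; the function names and output format are assumptions, the sample listing is constructed (chain names borrowed from the script in #23), and it assumes every rule has a target so that the third column is the target name.

```shell
#!/bin/sh
# Added example: find never-hit rules in `iptables -nvL` output.
# On a live system: iptables -t mangle -nvL | unhit_rules

# Constructed sample listing, not output captured from the poster's machine.
sample_mangle() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 5210 packets, 4012K bytes)
 pkts bytes target     prot opt in     out     source      destination
 5210 4012K CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   CONNMARK restore
 4890 3990K ACCEPT     all  --  *      *       0.0.0.0/0   0.0.0.0/0   mark match ! 0x0
  200 12000 MARK-gw1   all  --  eth0   *       0.0.0.0/0   0.0.0.0/0   ctstate NEW
  120  7200 MARK-gw2   all  --  wlan0  *       0.0.0.0/0   0.0.0.0/0   ctstate NEW

Chain OUTPUT (policy ACCEPT 3100 packets, 410K bytes)
 pkts bytes target     prot opt in     out     source      destination

Chain DEF_POL (0 references)
 pkts bytes target     prot opt in     out     source      destination
    0     0 CONNMARK   tcp  --  *      *       0.0.0.0/0   0.0.0.0/0   ctstate RELATED,ESTABLISHED CONNMARK restore
    0     0 MARK-gw1   tcp  --  *      *       0.0.0.0/0   0.0.0.0/0   mark match 0x0 ctstate NEW statistic mode nth every 2

Chain MARK-gw1 (2 references)
 pkts bytes target     prot opt in     out     source      destination
  200 12000 MARK       all  --  *      *       0.0.0.0/0   0.0.0.0/0   MARK set 0x65
  200 12000 CONNMARK   all  --  *      *       0.0.0.0/0   0.0.0.0/0   CONNMARK save
  200 12000 RETURN     all  --  *      *       0.0.0.0/0   0.0.0.0/0
EOF
}

# Prints one line per finding:
#   unreferenced-chain <chain>          user chain with "(0 references)"
#   never-hit <chain> #<n> <target>     rule number <n> in <chain> has 0 packets
unhit_rules() {
    awk '
    $1 == "Chain" {
        chain = $2
        n = 0                                   # rule numbering restarts per chain
        if ($3 == "(0" && $4 ~ /^references/)
            print "unreferenced-chain " chain
        next
    }
    NF == 0 || $1 == "pkts" { next }            # blank lines and column headers
    {
        n++
        # Counters may carry K/M/G suffixes; only a literal 0 means "never hit".
        if ($1 == "0")
            print "never-hit " chain " #" n " " $3
    }'
}

sample_mangle | unhit_rules
```

A rule number reported here is the same index that `iptables -t mangle -L <chain> --line-numbers` shows.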
