Load Balancing over two ISP

Post by TinMar » 2015-10-16 09:52

I'm trying to set up load balancing over 2 ISP links on a router / firewall running Debian Jessie.

There are iptables rules for balancing and forwarding:
Code:
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.5 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -i $wan1 -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -i $wan2 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark

iptables -t nat -A POSTROUTING -o $wan1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $wan2 -j MASQUERADE

iptables -A FORWARD -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -i $lan -s $lan_net -p tcp \
   -m set --match-set TCP_LANS_FORWARD dst \
   -m state --state NEW \
   -j ACCEPT
iptables -A FORWARD -i $lan -s $lan_net -p udp \
   -m set --match-set UDP_LANS_FORWARD dst \
   -m state --state NEW \
   -j ACCEPT
iptables -A FORWARD -i $lan -s $lan_net -p icmp \
   -m state --state NEW,RELATED \
   -j ACCEPT


There are iproute2 rules:
Code:
ip route add 172.20.0.0/24 dev eth0 src 172.20.0.150 table WAN1
ip route add default via 172.20.0.254 table WAN1
ip route add 192.168.0.0/24 dev eth1 src 192.168.0.150 table WAN2
ip route add default via 192.168.0.254 table WAN2

ip route add default via 172.20.0.254

ip rule add fwmark 10 table WAN1
ip rule add fwmark 20 table WAN2

ip route add 10.0.0.0/24 dev eth2 table WAN1
ip route add 192.168.0.0/24 dev eth1 table WAN1
ip route add 127.0.0.0/8 dev lo   table WAN1
ip route add 10.0.0.0/24 dev eth2 table WAN2
ip route add 172.20.0.0/24 dev eth0 table WAN2
ip route add 127.0.0.0/8 dev lo   table WAN2


The packets marked as 20, theoretically routed via table WAN2 via 192.168.0.254, are lost.
The WAN2 gateway works if I set it as the default without balancing.

I disabled the rp_filter module on all interfaces and I installed xtables-addons-dkms.

It would be great if someone has an idea.

I also tried this, but I had trouble with forwarded connections.
Is there another solution?
TinMar
 
Posts: 1
Joined: 2015-10-16 08:14
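
A set of checks for the symptom described in the post above (mark 20 traffic lost), added here as an example and not part of the original post. The interface roles (eth0 = WAN1, eth1 = WAN2, eth2 = LAN) are read off the posted ip route commands, the sample outputs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic sketch; marks 10 and 20 and table names as in the post.
# Constructed sample outputs, used only to exercise the parsers offline.
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 2
net.ipv4.conf.eth1.rp_filter = 0'
SAMPLE_RULES='0: from all lookup local
32764: from all fwmark 0x14 lookup WAN2
32765: from all fwmark 0xa lookup WAN1
32766: from all lookup main'

# Effective reverse-path filter for interface $1. The kernel applies
# max(conf.all.rp_filter, conf.<if>.rp_filter), so a per-interface 0 has
# no effect while "all" is still 1. stdin: "sysctl -a"-style lines.
effective_rp_filter() {
    awk -v ifc="$1" -F' *= *' '
        $1 == "net.ipv4.conf.all.rp_filter"         { all = $2 + 0 }
        $1 == ("net.ipv4.conf." ifc ".rp_filter")   { own = $2 + 0 }
        END { v = (all > own) ? all : own; print v + 0 }'
}

# Routing table selected for decimal fwmark $1. "ip rule show" prints the
# mark in hex (20 -> 0x14), optionally followed by /mask. stdin: its output.
table_for_mark() {
    hex=$(printf '0x%x' "$1")
    awk -v m="$hex" '{
        mk = ""; tb = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { split($(i + 1), p, "/"); mk = p[1] }
            if ($i == "lookup") tb = $(i + 1)
        }
        if ((mk "") == (m "")) { print tb; exit }
    }'
}

# Live checks, run as root on the router with: sh script.sh --live
diagnose() {
    for ifc in eth0 eth1 eth2; do
        echo "$ifc effective rp_filter: $(sysctl -a 2>/dev/null | effective_rp_filter "$ifc")"
    done
    for mark in 10 20; do
        echo "mark $mark -> table $(ip rule show | table_for_mark "$mark")"
        ip route get 192.0.2.1 mark "$mark"   # documentation address; shows gateway and device
    done
    iptables -t mangle -L PREROUTING -v -n    # per-rule counters: is mark 20 ever set?
}
if [ "${1:-}" = "--live" ]; then diagnose; fi
```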
