
load balancing w/ NAT

fivepesos

Senior member
situation: two cable modems on two separate ethernet interfaces and one internal interface. i've been trying to use iptables to masquerade internal hosts out different interfaces. however, with linux it will only masq for the interface that has the default route that is last in my table. simply, i want 10.0.0.1 thru 10.0.0.10 from eth0 to go out eth1, 10.0.0.11 thru 10.0.0.20 to go out eth2. however, i can only masq one interface. i've been forced to just use two separate machines which is very unsophisticated.

anyone running something like this? what about non-linux solutions? what do u guys run to share multiple internet connections?
 
IP Filter will do what you want. You would set up your ipnat rules file to look something like this:

map eth1 10.0.0.1/32 -> <cable.ip.1>/32
map eth1 10.0.0.2/32 -> <cable.ip.1>/32
...
map eth1 10.0.0.10/32 -> <cable.ip.1>/32

map eth2 10.0.0.11/32 -> <cable.ip.2>/32
map eth2 10.0.0.12/32 -> <cable.ip.2>/32
...
map eth2 10.0.0.20/32 -> <cable.ip.2>/32

IPF also provides a stateful firewall, with a fairly straightforward rule syntax. I use this combination under FreeBSD for my dsl.

~bex0rs
 
great to hear bsd can handle this. will there be a problem with the routing table if both cable modems have the same default route (ie same ISP gateway)?
 
Can also try:

map eth1 10.0.0.0/28 -> <cable.ip.1>/32
map eth2 10.0.0.16/28 -> <cable.ip.2>/32

The above method will give you traffic from .0~.15 through cable.ip.1, and .16~.31 through cable.ip.2 (these rules should work for both IPchains & IPtables).



<< will there be a problem with the routing table if both cable modems have the same default route >>



There shouldn't be a problem as long as the GW is included in your subnet mask range.


If you are brave then try something similar to the below to redirect traffic if one ISP is down, and it is best to have Cable & ADSL for redundancy purposes:

map eth1 10.0.0.0/28 -> <cable.ip>/32
from cable.ip ping cable.gw at 60sec interval
if host unreachable after 3 tries then "map eth1 10.0.0.0/28 -> <adsl.ip>/32"

map eth2 10.0.0.16/28 -> <adsl.ip>/32
from adsl.ip ping adsl.gw at 60sec interval
if host unreachable after 3 tries then "map eth1 10.0.0.16/28 -> <cable.ip>/32"

I have not gotten the above round robin to work, and have tried ip to ip ping as well as the above ip to gateway ping. please post if you can get the round robin method to work.




 


<< (these rules should work for both IPchains & IPtables). >>


right, i assumed iptables -t nat -A POSTROUTING -s 10.0.0.1 -o eth1 -j MASQUERADE would work for however many interfaces i want, however i am only able to masquerade out whichever interface i configured last. ie if i run dhcpcd eth1 then dhcpcd eth2 only eth2 will be able to be masqed. my routing table lists my isps gateway as the next default gateway and is available thru both interfaces. but since eth2 was last to be entered in the routing table, i believe its taking preference, hence i cant masq out the first one. have u gotten this to work with iptables?

i really think my problem is related to routing not my masq rules. will ipfilter work if my routing table has two identical matches?
 



<< have u gotten this to work with iptables? >>


No, I haven't tried it out on iptables...according to the theory it should work, and I have gotten it to work with ipchains.



<< i really think my problem is related to routing not my masq rules. will ipfilter work if my routing table has two identical matches? >>


run ip route command and look over your rule to see where the problem lies.
The last IPfilter rule will take precedence if you have identical match on the rule chain.
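
Added example, not part of any post in this thread: on Linux the egress interface is chosen by the routing lookup before POSTROUTING runs, so `-o eth1 -j MASQUERADE` only ever matches packets the routing table already sent to eth1. The sketch below pairs the masquerade rules with per-uplink routing tables selected by firewall mark; the gateway 192.0.2.1, marks 1/2 and tables 101/102 are assumed placeholder values.

```shell
#!/bin/sh
# Added example (not from the thread): per-source uplink selection on Linux.
# Assumptions: eth0 = LAN, eth1/eth2 = cable modems, 192.0.2.1 = placeholder
# gateway shared by both modems (as in the thread), marks 1/2 and routing
# tables 101/102 are arbitrary unused values.

LAN_IF=eth0

# plan_uplink MARK TABLE FIRST_IP LAST_IP WAN_IF GATEWAY
# Prints (does not run) the commands that steer one LAN range out one uplink.
plan_uplink() {
    mark=$1; table=$2; first=$3; last=$4; wan=$5; gw=$6
    # 1. Tag packets from the source range as they arrive from the LAN.
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m iprange --src-range $first-$last -j MARK --set-mark $mark"
    # 2. Give the uplink its own table; naming the device disambiguates a
    #    gateway address that is reachable through both interfaces.
    echo "ip route add default via $gw dev $wan table $table"
    # 3. Tagged packets consult that table instead of the main default route.
    echo "ip rule add fwmark $mark table $table"
    # 4. Masquerade whatever leaves through this uplink.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# The split asked for in the first post: .1-.10 via eth1, .11-.20 via eth2.
plan_all() {
    plan_uplink 1 101 10.0.0.1  10.0.0.10 eth1 192.0.2.1
    plan_uplink 2 102 10.0.0.11 10.0.0.20 eth2 192.0.2.1
}

# --print shows the plan; --apply runs it (root required, stops on first error).
case "${1:-}" in
    --print) plan_all ;;
    --apply) plan_all | sh -e ;;
esac
```

If strict reverse-path filtering (`rp_filter=1`) is enabled, replies arriving on the uplink that does not hold the main default route may be dropped.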
 