Using OpenSuse server for load balancing multi Internet

I have OpenSuse 11.1 installed in a system as server (without graphics). We have 3 NICs, 2 of them connected to 2 different ISPs through gateways, as follows:
IPs for NICs: IP1=; IP2= dev=eth2
Gateways: GW1=; GW2= dev=eth3
Third NIC connected into the internal network with and IP= dev=eth0

We added ip routes and rules as follows (used tables created with vim in the rt_table file with numbers 20 & 30):
ip route add NET1 dev DEV1 src IP1 table TB1
ip route add default via GW1 table TB1

ip route add NET2 dev DEV2 src IP2 table TB2
ip route add default via GW2 table TB2

ip rule add from NET1 table TB1
ip rule add from NET2 table TB2

ip route add default scope global nexthop via GW1 dev DEV1 weight WG1 nexthop via GW2 dev DEV2 weight WG2

From the server I could ping Yahoo! and ping any PC connected in the internal network ( From PCs I could ping all the IPs of the server but neither the GWs nor any web site; I couldn’t surf either.

So do you have a solution for this? I need it to make it running for the company I am working with.

Thank you

Did you enable IP-forwarding?

Thank you for your reply
Yes, I did enable forwarding (using YaST).

I'll add: when we tried to ping the local network IP of the server from a PC, it worked, but not the other IPs on the server (IP1 & IP2), except when I added a line to both TB1 & TB2. The line is:
ip route add dev eth0 src table TB1 (I repeated the same line with TB2 at the end)
Then we could ping IP1 & IP2 from PCs, but not the GWs nor any web site.

Please can you show the results of these commands executed on the server:

/sbin/route -n
/sbin/ifconfig -a

This could make things a bit clearer.

I left the office, so I won’t be able to show you all the results. For ifconfig I know the result: the three NICs are configured correctly (eth0 subnet mask; eth2 subnet mask; eth3 subnet mask - eth0 is connected to the local switch and eth2 & eth3 are connected to 2 DSL routers).

For route the result is (I am using ?? as placeholders for unwritten text): * ??? eth0 * ??? eth2 * ??? eth3

nexthop ??? eth2
nexthop ??? eth3

I will resend to you the exact output tomorrow morning, if the above doesn’t help


I didn’t receive any answer for what I sent. Hereby I am resending your request.
For route -n:
U 0 0 0 eth2
U 0 0 0 eth3
U 0 0 0 eth0
U 0 0 0 eth0
U 0 0 0 lo
UG 0 0 0 eth3

for ifconfig -a
as I mentioned before


Note, I stopped (down) just to check only one Internet link and how I can use the server with the local link so other PCs can surf the Internet. If this succeeds then I can add the load balancing (the second link and more links whenever required).

Any help for this?

Thank you

Hi, folks.
I know the thread is old but the issue ain’t :smiley:

I managed to balance the traffic between two ISPs with




ip route add $net_rds dev $if_rds src $ip_rds table rds ##these tables were created earlier, by hand, in /etc/iproute2/rt_tables
ip route add default via $gw_rds table rds
ip route show table rds

ip route add $net_romtelecom dev $if_romtelecom src $ip_romtelecom table romtelecom ##these tables were created earlier, by hand, in /etc/iproute2/rt_tables
ip route add default via $gw_romtelecom table romtelecom
ip route show table romtelecom 

ip rule add from $ip_rds table rds
ip rule add from $ip_romtelecom table romtelecom
ip rule show

ip route add default scope global \
                                nexthop via $gw_romtelecom dev $if_romtelecom weight 1\
                                nexthop via $gw_rds dev $if_rds weight 2 \
                                || echo -n "nexthop rule fallback:" &&  ip route append default scope global\
                                 nexthop via $gw_romtelecom dev $if_romtelecom weight 1\
                                 nexthop via $gw_rds dev $if_rds weight 2 && ip route del
ip route flush cache 
ip route show table romtelecom
ip route show table rds
ip route show table main

The *_rds ISP is a 100mb/s fiber connection and the *_romtelecom one is 50mb/s, that’s why I try to push more traffic on the wider pipe.
It all works nice and well, traffic being piped thru both ISPs and tending towards equilibrium.

The first snag was that my firewall has individual ACCEPT rules for each client IP&MAC in the LAN thus denying internet access to not-matching IP&MAC addresses.
And I had to create new rules for accounting the second ISP. (Just FORWARD and MASQUERADE between LAN and the 2nd ISP interface)
Could be the case with @malghwell. His firewall being in the way? But, I guess that after all these years it doesn’t matter anymore.

But… the second and my final snag: Now that the networks work alright… some clients in the LAN are in trouble. Some WebMail they use just can’t work with this setup.
So I thought they’d need special routing rules to always get them thru just one of the gateways.
Except for a single web page I found failing randomly (speedtest dot net) in Firefox and IE and works alright with Konqueror, the two clients look like the only problem I’m yet to solve.

How can I route them only thru one gateway, individually?

Without splitting the LAN into two subnets, one for the two of them and one for everybody else who’s fine with two ISPs. I did consider having the two workmates in a separate subnet but they wouldn’t be able to access the other subnet resources (printers, shares, uPnP)

I hope you could give some ideas.

Cheers and Happy Holidays!

Although this is an old thread, I have the same problem as malghwell while having exactly the same load balancing configuration as yo6ial. Because I am just a networking amateur, could you please be more specific about the FORWARD and MASQUERADE rules? Could you give an example?
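
The FORWARD and MASQUERADE rules asked about above, together with one way to pin individual LAN clients to a single gateway, as an added example that is not code from any poster in this thread. The interface names, LAN subnet and client addresses are constructed placeholders; the table name rds is taken from the earlier post, and the script only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example, not from the thread. Every name and address below is a
# constructed placeholder: eth0 = LAN, eth2/eth3 = the two uplinks.
LAN_IF=eth0
LAN_NET=192.168.10.0/24
WAN_IFS="eth2 eth3"
PIN_TABLE=rds                                 # per-ISP table that already exists
PINNED_CLIENTS="192.168.10.21 192.168.10.22"  # hosts that must use one ISP only
DRY_RUN=${DRY_RUN:-1}                         # 1 = print commands, 0 = run them

# Print the command in dry-run mode, otherwise execute it (needs root).
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# FORWARD and MASQUERADE rules, repeated for every uplink interface.
firewall_rules() {
    run iptables -P FORWARD DROP
    for wan in $WAN_IFS; do
        # New connections may only be opened from the LAN side.
        run iptables -A FORWARD -i "$LAN_IF" -o "$wan" -s "$LAN_NET" -j ACCEPT
        # Inbound packets pass only if they belong to a tracked connection.
        run iptables -A FORWARD -i "$wan" -o "$LAN_IF" \
            -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        # Source-NAT to the address of whichever uplink the route picked.
        run iptables -t nat -A POSTROUTING -o "$wan" -s "$LAN_NET" -j MASQUERADE
    done
}

# Send selected LAN hosts through one ISP table, ahead of the multipath default.
pin_clients() {
    # Keep LAN-destined traffic on the LAN whenever this table is selected
    # (the route that had to be added to TB1/TB2 earlier in the thread).
    run ip route add "$LAN_NET" dev "$LAN_IF" table "$PIN_TABLE"
    prio=100                                  # lower number = checked before main
    for client in $PINNED_CLIENTS; do
        run ip rule add from "$client" table "$PIN_TABLE" priority "$prio"
        prio=$((prio + 1))
    done
    run ip route flush cache
}

firewall_rules
pin_clients
```

Pinned clients always leave through the gateway of the chosen table and so keep one public source address, while all other hosts continue to use the weighted multipath default in the main table.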