I have OpenSuse 11.1 installed in a system as server (without graphics). We have 3 NICs, 2 of them connected to 2 different ISPs through gateways, as follows:
IPs for NICs: IP1=192.168.5.2/24; IP2=192.168.6.2/24 dev=eth2
Gateways: GW1=192.168.5.10; GW2=192.168.6.10 dev=eth3
Third NIC connected into the internal network with an IP=192.168.11.2/24 dev=eth0
We added ip routes and rules as follows (used tables created with vim in the rt_table file with numbers 20 & 30):
ip route add NET1 dev DEV1 src IP1 table TB1
ip route add default via GW1 table TB1
ip route add NET2 dev DEV2 src IP2 table TB2
ip route add default via GW2 table TB2
ip rule add from NET1 table TB1
ip rule add from NET2 table TB2
ip route add default scope global nexthop via GW1 dev DEV1 weight WG1 nexthop via GW2 dev DEV2 weight WG2
From the server I could ping Yahoo! and ping any PC connected in the internal network (192.168.11.xxx). From PCs I could ping all the IPs of the server but not the GWs nor any web site; I couldn’t surf either.
So do you have a solution for this? I need to get it running for the company I am working with.
To add: when we tried to ping the local network IP of the server from a PC it worked, but not the other IPs on the server (IP1 & IP2), except when I added a line to both TB1 & TB2. The line is:
ip route add 192.168.11.0/24 dev eth0 src 192.168.11.2 table TB1 (I repeated the same line with TB2 at the end)
Then we could ping IP1 & IP2 from PCs but not GWs nor any web site.
I left the office, so I won’t be able to show you all the results. For ifconfig I know the result: the three NICs are configured correctly (eth0 192.168.11.2 subnet mask 255.255.255.0; eth2 192.168.6.2 subnet mask 255.255.255.0; eth3 192.168.5.2 subnet mask 255.255.255.0 - eth0 is connected to the local switch and eth2 & eth3 are connected to 2 DSL routers).
For route the result is (I am using ?? as placeholders for unwritten text):
192.168.11.0 * 255.255.255.0 ??? eth0
192.168.6.0 * 255.255.255.0 ??? eth2
192.168.5.0 * 255.255.255.0 ??? eth3
…
default
nexthop 192.168.6.10 0.0.0.0 ??? eth2
nexthop 192.168.5.10 0.0.0.0 ??? eth3
I will resend the exact output to you tomorrow morning, if the above doesn’t help.
I didn’t receive any answer for what I sent. Hereby I am resending your request.
for route -n
192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.5.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.168.11.2 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.5.10 0.0.0.0 UG 0 0 0 eth3
Note, I stopped 192.168.6.2 (down) just to check only one Internet link and how I can use the server with the local link so other PCs can surf the Internet. If this succeeds then I can add the load balancing (the second link and more links whenever required).
Hi, folks.
I know the thread is old but the issue ain’t.
I managed to balance the traffic between two ISPs with:
ip_rds=86.125.*.*
net_rds=86.125.*.0/255.255.255.192
gw_rds=86.125.*.*
ip_romtelecom=86.34.*.*
net_romtelecom=86.34.*.0/255.255.255.252
gw_romtelecom=86.34.*.*
if_rds=eth2
if_romtelecom=eth0
if_lan=eth1
ip route add $net_rds dev $if_rds src $ip_rds table rds ##these tables were created earlier, by hand, in /etc/iproute2/rt_tables
ip route add default via $gw_rds table rds
ip route show table rds
ip route add $net_romtelecom dev $if_romtelecom src $ip_romtelecom table romtelecom ##these tables were created earlier, by hand, in /etc/iproute2/rt_tables
ip route add default via $gw_romtelecom table romtelecom
ip route show table romtelecom
ip rule add from $ip_rds table rds
ip rule add from $ip_romtelecom table romtelecom
ip rule show
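# A space is needed before each trailing backslash, otherwise the next word is glued on.
# The braces keep the append as a fallback that runs only when the add fails.
ip route add default scope global \
    nexthop via $gw_romtelecom dev $if_romtelecom weight 1 \
    nexthop via $gw_rds dev $if_rds weight 2 \
|| { echo -n "nexthop rule fallback:" && ip route append default scope global \
    nexthop via $gw_romtelecom dev $if_romtelecom weight 1 \
    nexthop via $gw_rds dev $if_rds weight 2 && ip route del; }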
ip route flush cache
ip route show table romtelecom
ip route show table rds
ip route show table main
The *_rds ISP is a 100mb/s fiber connection and the *_romtelecom one is 50mb/s, that’s why I try to push more traffic on the wider pipe.
It all works nice and well, traffic being piped thru both ISPs and tending towards equilibrium.
The first snag was that my firewall has individual ACCEPT rules for each client IP&MAC in the LAN thus denying internet access to not-matching IP&MAC addresses.
And I had to create new rules for accounting the second ISP. (Just FORWARD and MASQUERADE between LAN and the 2nd ISP interface)
Could be the case with @malghwell. His firewall being in the way? But, I guess that after all these years it doesn’t matter anymore.
But… the second and my final snag: Now that the networks work alright… some clients in the LAN are in trouble. Some WebMail they use just can’t work with this setup.
So I thought they’d need special routing rules to always get them thru just one of the gateways.
Except for a single web page I found failing randomly (speedtest dot net) in Firefox and IE and works alright with Konqueror, the two clients look like the only problem I’m yet to solve.
How can I route them only thru one gateway, individually?
Without splitting the LAN into two subnets, one for them two and one for everybody else who’s fine with two ISPs. I did consider having the two workmates in a separate subnet but they wouldn’t be able to access the other subnet resources (printers, shares, uPnP).
Although this is an old thread I have the same problem as malghwell while having exactly the same load balancing configuration as yo6ial. Because I am just a networking amateur, could you please be more specific about the FORWARD and MASQUERADE rules? Could you give an example?
Thanx!
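An added example (not posted by anyone in the thread) of the FORWARD and MASQUERADE rules asked about above, together with pinning individual LAN clients to one gateway through a source-based `ip rule`. The LAN subnet and the client address are assumptions; interface and table names are taken from the load-balancing post, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not code from the thread. Interface and table names follow the
# load-balancing post; LAN_NET and the PINNED address are constructed values.
IF_LAN=eth1; IF_RDS=eth2; IF_ROM=eth0
LAN_NET=192.168.11.0/24     # assumption: the LAN subnet
PINNED="192.168.11.50"      # assumption: clients that must always use one ISP
PIN_TABLE=rds               # per-ISP table already defined in rt_tables

# Print each command; also execute it when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

gateway_rules() {
    # Without this the kernel never passes LAN packets to a WAN interface.
    run sysctl -w net.ipv4.ip_forward=1
    for wan in "$IF_RDS" "$IF_ROM"; do
        # LAN -> ISP: connections may only be opened from the LAN side.
        run iptables -A FORWARD -i "$IF_LAN" -o "$wan" -s "$LAN_NET" -j ACCEPT
        # ISP -> LAN: only replies to connections conntrack already knows.
        run iptables -A FORWARD -i "$wan" -o "$IF_LAN" \
            -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
        # Rewrite the private source to the address of whichever WAN
        # interface the routing decision picked for this connection.
        run iptables -t nat -A POSTROUTING -o "$wan" -s "$LAN_NET" -j MASQUERADE
    done
    # Anything not matched above is not forwarded.
    run iptables -P FORWARD DROP
}

pin_clients() {
    # Keep LAN destinations on the LAN interface when this table is used.
    run ip route add "$LAN_NET" dev "$IF_LAN" table "$PIN_TABLE"
    for client in $PINNED; do
        # Matched before the main table, so the multipath default is skipped.
        run ip rule add from "$client" table "$PIN_TABLE"
    done
    run ip route flush cache
}

gateway_rules
pin_clients
```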