
Linux netfilter/iptables split access with multiple ISPs

[ Thanks to Adam Palmer for this link. ]

“Quite a while back, I posted an article:
http://www.adamsinfo.com/extending-tc-and-iproute2-linux-routing-split-access-multiple-uplinks-multiple-isps-iptables-masquerading/

“The article focuses on using the standard iproute2 tool to
allow the box to attempt to balance traffic over multiple uplinks
with multiple default routes. While relatively easy to set up, it
has a few problems:

1. Routes are cached, meaning that once the balancer has decided
on a route to a certain IP for the first time, it will continue to
use this route for a while.
2. There is no real control over which packets end up over which
route, other than some basic metrics such as source IP and
destination IP.
3. Certain long established TCP connections such as MSN or IRC die
after the route cache expires and the packets begin being routed
over the other connection. Logically, there should be a fix for
this or there's a bug in my script; either way I gave up digging
after a while, and just forced connections to given IPs over the
same route each time.

“I’ve recently decided to give this a go in netfilter purely. My
environment is a router with a number of LAN devices, with eth0
being the LAN interface (192.168.1.0/24), while eth1 and eth2 are
separate ISP links with public IPs.”


Complete Story
