Linux Today: Linux News On Internet Time.


Linux netfilter/iptables split access with multiple ISPs

Mar 03, 2010, 18:32
(Other stories by Adam Palmer)



[ Thanks to Adam Palmer for this link. ]

"Quite a while back, I posted the article http://www.adamsinfo.com/extending-tc-and-iproute2-linux-routing-split-access-multiple-uplinks-multiple-isps-iptables-masquerading/

"The article focuses on using the standard iproute2 tool to allow the box to attempt to balance traffic over multiple uplinks with multiple default routes. While relatively easy to set up, it has a few problems:

1. Routes are cached, meaning that once the balancer has decided on a route to a certain IP for the first time, it will continue to use this route for a while.
2. There is no real control over which packets end up over which route, other than some basic metrics such as source IP and destination IP.
3. Certain long-established TCP connections such as MSN or IRC die after the route cache expires and the packets begin being routed over the other connection. Logically, there should be a fix for this or there's a bug in my script; either way, I gave up digging after a while, and just forced connections to given IPs over the same route each time.

"I've recently decided to give this a go in netfilter purely. My environment is a router with a number of LAN devices, with eth0 being the LAN interface, while eth1 and eth2 are separate ISP links with public IPs."
