dravya wrote:
>>> Hello all,
>>>
>>> I have a system setup with two phones/interfaces (ppp0 and ppp1). I
>>> access the internet via these two interfaces only.
>>>
>>> I have the following rules in my iptables:
>>>
>>> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>>> iptables -t nat -A POSTROUTING -o ppp1 -j MASQUERADE
>>>
>>> and yet when a machine on my network uses my machine as the gateway
>>> to ping outside, packets travel on the wrong link causing change of
>>> ip address of the phones. I have tested this using ethereal and it
>>> clearly shows a ppp0 packet (src add of ppp0) outgoing on ppp1, as
>>> I was capturing on ppp1. Also, iptables is masquerading as it shows
>>> the number of packets it masqueraded.
>>
>> I agree with you that the above rules ought to ensure that packets
>> going out of each interface have the appropriate source address.
>>
>> What does your routing table look like (presumably you are using
>> iproute2 to balance traffic, or route based on source etc, to share
>> the two links)?
>
> Yes I am using iproute2 and the Routing Table is as follows
>
> 206.47.201.1 dev ppp1 proto kernel scope link src 204.101.96.143
> 204.101.237.225 dev ppp0 proto kernel scope link src 69.158.211.67
> 169.254.0.0/16 dev eth0 scope link
> 192.168.0.0/16 dev eth0 scope link
> 127.0.0.0/8 dev lo scope link
> default equalize
>     nexthop via 204.101.237.225 dev ppp0 weight 1
>     nexthop via 206.47.201.1 dev ppp1 weight 1

Ok, just to follow up, if you'd like to equalize the network based on my solution, you can use the nth target to balance traffic.

# INET3 should really be the internal interface of the network. I slipped up typing it.
Replace:

iptables -t mangle -A PREROUTING -i ${INET3} -m mark --mark 0 -j MARK ${MY_POLICY_DEFAULT}

With:

iptables -t mangle -A PREROUTING -i ${INET3} -m nth --every 2 --packet 0 -m mark --mark 0 -j MARK ${MY_POLICY_ETH0}
iptables -t mangle -A PREROUTING -i ${INET3} -m nth --every 2 --packet 1 -m mark --mark 0 -j MARK ${MY_POLICY_ETH1}

Using nth, you can change the weight of the lines appropriately.

If you'll notice, this solution equalizes based on full connections, not on raw bandwidth usage. Raw usage can't be properly equalized on a non-bonded line (One IP, many lines). So, what this means is that you won't get clean 1-1 bandwidth distribution, but if you want that, you should be looking into the lartc side of things.