
I'm trying to get a Linux Mint computer with 4 NICs to act as a load balancing server. The idea is that we have three internet connections, and we want to use all of them so we can share the usage of 50 computers across all the lines.

I've managed to get balancing happening on the server itself using ip route defaults etc., but I want an iptables solution (so, unlike ip route's, it won't be cached, since all of the people are Facebookers).

Where I seem to be stuck: I've got all the NICs set up with static address information (see below) and I've tested the connections. They are working. I don't know how to route the traffic on the internal network to go via the 'firewall' (though I've had some success), or how to get the firewall to accept the connections and route them via iptables. I did try setting up a DHCP server on the comp etc., but I bricked it and had to start again. Frustrating.

My solution was to set up a Linksys router to act as the DHCP server, with a static WAN address etc. I made the Linksys WAN gateway my computer's static IP for that NIC, and tested the connection. I was able to log into the router via its WAN port, so I know it's working too. (And yes, I did have to set up external access on the router to make it work.)

I then used my laptop to ping from the internal network to the "firewall" and that worked (and vice versa). So I'm confident that the communication via the router is working.

Now I just need to know how to get the 'firewall' to accept incoming packets and route them to one of the other interfaces. I've googled myself silly for the last month trying to get this nailed, so there's my script attached below to show you where I'm at.

Scripts and other information below:

My boot script, thanks to lots of googling.

#!/bin/sh
# The named tables must exist in /etc/iproute2/rt_tables before this runs, e.g.
#   echo "1 Line1" >> /etc/iproute2/rt_tables
#   echo "2 Line2" >> /etc/iproute2/rt_tables
P1_NET="192.168.1.0/24"
IF1="eth1"
IP1="192.168.1.249"
P1="192.168.1.254"

P2_NET="192.168.2.0/24"
IF2="eth2"
IP2="192.168.2.249"
P2="192.168.2.1"

echo 1 > /proc/sys/net/ipv4/ip_forward    # Enables packet forwarding by kernel

ip route add $P1_NET dev $IF1 src $IP1 table Line1
ip route add $P2_NET dev $IF2 src $IP2 table Line2
ip route add $P1_NET dev $IF1 src $IP1    # usually already present from ifupdown; "File exists" here is harmless
ip route add $P2_NET dev $IF2 src $IP2
ip route add default via $P1 table Line1
ip route add default via $P2 table Line2
ip rule add fwmark 1 table Line1
ip rule add fwmark 2 table Line2
ip rule add from $IP1 table Line1
ip rule add from $IP2 table Line2
ip route flush cache

iptables -A FORWARD --in-interface eth3 -j ACCEPT  # Accept all incoming stuff from eth3
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT  # and the replies coming back in

# Keep every packet of a connection on the line chosen for its first packet:
# restore the saved connection mark, pick a line only for NEW connections, then save the choice.
# (Marking every packet with 1 first would send the later packets of a line-2 connection out line 1.)
iptables -t mangle -A PREROUTING -i eth3 -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -i eth3 -m state --state NEW -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth3 -m state --state NEW -m statistic --mode random --probability 0.5 -j MARK --set-mark 1  # decimal point, not a comma
iptables -t mangle -A PREROUTING -i eth3 -m state --state NEW -j CONNMARK --save-mark

# Source NAT to the address of the outgoing interface, not to the upstream gateway's address
iptables -t nat -A POSTROUTING -o $IF1 -j SNAT --to $IP1
iptables -t nat -A POSTROUTING -o $IF2 -j SNAT --to $IP2

The results of this script:

/lib/xtables/libxt_statistic.so: /lib/xtables/libxt_statistic.so: undefined symbol: lround
iptables v1.4.12: Couldn't load match `statistic':Success

Try `iptables -h' or 'iptables --help' for more information.

My NIC config, /etc/network/interfaces

#Loopback network
auto lo
iface lo inet loopback

#Alien Interface 1 - From the office up the road
auto eth1
iface eth1 inet static
address 192.168.1.249
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254

#Alien Interface 2
#auto eth0
#iface eth0 inet static
#address 10.0.1.249
#netmask 255.255.255.0
#network 10.0.0.0
#broadcast 10.255.255.255
#gateway 10.0.1.1

#Alien Interface 3
auto eth2
iface eth2 inet static
address 192.168.2.249
netmask 255.255.255.0
network 192.168.2.0
broadcast 192.168.2.255
gateway 192.168.2.1

#Customs Iface 1 - Internal network
auto eth3
iface eth3 inet static
address 110.1.1.249
netmask 255.255.255.0
network 110.1.1.0
broadcast 110.1.1.255

ip addr

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:e0:4c:1b:09:6a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.249/24 brd 192.168.1.255 scope global eth1
inet6 fe80::2e0:4cff:fe1b:96a/64 scope link 
   valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:e0:4c:1b:0b:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.249/24 brd 192.168.2.255 scope global eth2
inet6 fe80::2e0:4cff:fe1b:b46/64 scope link 
   valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0d:56:5a:5a:4c brd ff:ff:ff:ff:ff:ff
inet 110.1.1.249/24 brd 110.1.1.255 scope global eth3
inet6 fe80::20d:56ff:fe5a:5a4c/64 scope link 
   valid_lft forever preferred_lft forever

If you've got to the end of this message, you're a legend. Thanks so much if you can help!

TolMera

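The setup the post is after, written out as an added example (this is not the poster's script, nor anything from Linux Mint or iptables upstream): per-connection spreading of LAN traffic across three upstream links using fwmark policy routing, with CONNMARK so that every packet of a connection keeps using the line chosen for its first packet. The interface names and addresses are assumptions modelled on the post (the third link, eth0 on 10.0.1.0/24, is the one commented out in the poster's interfaces file), and it generalises the two-line 50/50 split to any number of links by computing the statistic probabilities 1/n, 1/(n-1), ..., 1 for rules tested in order. Note that the `lround` error in the post means the statistic match library itself failed to load, which no rule wording fixes; the decimal-comma probability is a separate problem, and the `LC_ALL=C` below is there so awk never produces one.

```shell
#!/bin/sh
# Added example, not the poster's script: sticky, per-connection split of LAN
# traffic across several upstream links with fwmark policy routing and CONNMARK.
# Interface names and addresses are assumptions modelled on the post.
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 applies them (run as root
# on a box with an empty ruleset, since the rules are appended, not replaced).
set -eu
DRY_RUN="${DRY_RUN:-1}"
LAN_IF="eth3"

# One link per line: iface  network  local_ip  gateway  table_id
# Numeric table ids are used directly, so /etc/iproute2/rt_tables needs no editing.
WAN_LINKS="eth1 192.168.1.0/24 192.168.1.249 192.168.1.254 1
eth2 192.168.2.0/24 192.168.2.249 192.168.2.1 2
eth0 10.0.1.0/24 10.0.1.249 10.0.1.1 3"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

count_links() { printf '%s\n' "$WAN_LINKS" | grep -c .; }

# Probability for the i-th of n statistic rules so that, tested in order on
# still-unmarked new connections, each link receives 1/n of them:
# 1/n for the first rule, 1/(n-1) for the next, ..., 1 for the last (it takes the rest).
split_probability() {
    LC_ALL=C awk -v i="$1" -v n="$2" 'BEGIN { printf "%.4f", 1 / (n - i + 1) }'
}

setup_multiwan() {
    n=$(count_links)
    run sysctl -w net.ipv4.ip_forward=1

    # Per-link routing table, policy rules, source NAT and forwarding in both directions
    printf '%s\n' "$WAN_LINKS" | while read -r iface net ip gw tid; do
        run ip route replace "$net" dev "$iface" src "$ip" table "$tid"
        run ip route replace default via "$gw" dev "$iface" table "$tid"
        run ip rule add fwmark "$tid" table "$tid"      # marked LAN connections
        run ip rule add from "$ip" table "$tid"         # the box's own traffic on that link
        run iptables -t nat -A POSTROUTING -o "$iface" -j SNAT --to-source "$ip"
        run iptables -A FORWARD -i "$LAN_IF" -o "$iface" -j ACCEPT
        run iptables -A FORWARD -i "$iface" -o "$LAN_IF" \
            -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    done
    run ip route flush cache

    # Choose a link once per connection, store it in the conntrack entry,
    # and reapply it to every later packet of that connection.
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" -j CONNMARK --restore-mark
    i=0
    printf '%s\n' "$WAN_LINKS" | while read -r iface net ip gw tid; do
        i=$((i + 1))
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
            -m conntrack --ctstate NEW -m mark --mark 0 \
            -m statistic --mode random --probability "$(split_probability "$i" "$n")" \
            -j MARK --set-mark "$tid"
    done
    run iptables -t mangle -A PREROUTING -i "$LAN_IF" \
        -m conntrack --ctstate NEW -j CONNMARK --save-mark
}

setup_multiwan
```

Run it once as is to read the generated commands, then with `DRY_RUN=0` to apply them. The split is per connection rather than per destination, which is what the post wants: 50 clients on the same site still spread over all lines, while each individual TCP connection stays on one line (it has to, because SNAT has tied it to that line's source address). Two things worth checking on the real box before relying on this: the statistic match must actually load (the `lround` error in the post shows it did not there), and 110.1.1.0/24 on eth3 is publicly routed address space, so an RFC 1918 range for the internal network avoids hijacking whoever owns those addresses from the clients' point of view.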