# Multiple Internet Connection - (keep this forum alive pls)

## s0da

Good day everyone:

After a month of googling around I was able to find a (not so perfect) solution on how to use multiple internet connections.

First of all, I would like to inform everyone that I'm a complete n00b. I haven't finished any IT course yet. It's been four years already since I started using Linux, but I still consider myself a Linux newbie since I can't spend much time on it. I also consider myself a script kiddie since I just copy things from other clever people... Also, please forgive my English because I'm not a native English speaker. OK, so much for the talk! Let's dive in!

My LINUX ROUTER/Gateway/Server (whatever it is called ):

CPU     : Intel(R) Pentium(R) 4 CPU 2.40GHz HT

Memory: 1024 MB

OS       : of course Gentoo Linux

Kernel  : 2.6.9-rc4-love1 aka "It's Alive!"  (SMP + NPTL + CFQ)

             (patched with Julian Anastasov's patches)

             patch is available at http://www.ssi.bg/~ja/#combinations

             (patch-2.6.9-ja1.diff << patches cleanly on 2.6.9-rc4-love1)

             make sure kernel is properly configured

NICs     : eth0 - internal LAN (192.168.2.0/24)

                        ip address: 192.168.2.254

               eth1 - external connection - ISP1 (10.10.10.72/29)*

                         ip address: 10.10.10.74

                         gateway ip address: 10.10.10.73

               eth2 - external connection - ISP2 (20.20.20.176/29)*

                         ip address: 20.20.20.179

                         gateway ip address: 20.20.20.182

*real ip address changed for security reasons ^_^

```
#Start of Script ---------------------------------
ISP1_IP=10.10.10.74
ISP1_GW=10.10.10.73
ISP2_IP=20.20.20.177
ISP2_GW=20.20.20.182

# Consult the main table early, but with its default route removed,
# so only connected/LAN routes are resolved there
ip rule add prio 50 table main
ip route del default table main

# Traffic sourced from the ISP1 address leaves via ISP1
ip rule add prio 201 from $ISP1_IP table 201
ip route add default via $ISP1_GW dev eth1 src $ISP1_IP proto static table 201
ip route append prohibit default table 201 metric 1 proto static

# Traffic sourced from the ISP2 address leaves via ISP2
ip rule add prio 202 from $ISP2_IP table 202
ip route add default via $ISP2_GW dev eth2 src $ISP2_IP proto static table 202
ip route append prohibit default table 202 metric 1 proto static

# Everything else uses a multipath default route across both ISPs
ip rule add prio 222 table 222
ip route add default table 222 proto static \
        nexthop via $ISP1_GW dev eth1 weight 1 \
        nexthop via $ISP2_GW dev eth2 weight 1
#end of script
```

my /etc/conf.d/net:

```
iface_eth0="192.168.2.254 broadcast 192.168.2.255 netmask 255.255.255.0"
iface_eth1="10.10.10.74 broadcast 10.10.10.79 netmask 255.255.255.248"
iface_eth2="20.20.20.177 broadcast 20.20.20.183 netmask 255.255.255.248"
gateway="eth1/10.10.10.73"
```

also make sure your /etc/resolv.conf is properly configured

Problems encountered:

Some online games are having a hard time connecting to their respective servers. A possible solution is to route those games to use just one internet connection (unfortunately I don't know how to do this). The above script worked on my setup; please post here if you have encountered some problems, and if you have made some workaround to that problem please share it with us.

Special thanks to the following:

Julian Anastasov - author of the patch (http://www.ssi.bg/~ja/#combinations)

Christoph Simon - author of the Nano HowTo (his howto was primary reference) [http://www.ssi.bg/~ja/nano.txt]

Fernando Favero - for posting his success story (http://www.spinics.net/lists/lartc/msg13794.html)

and most of all to the Most High God.

(i hope routing gurus out there will post their ideas here ^_^)

----------

## BobCamp

If you want to exempt things from the load balancing then add:

```
iptables -t nat -A POSTROUTING -o eth1 --match mark --mark 12  -j SNAT --to 192.168.10.5
iptables -t nat -A POSTROUTING -o eth2 --match mark --mark 12  -j SNAT --to 192.168.11.5
iptables -t nat -A POSTROUTING -j ACCEPT
```

that will allow you to go around a rule based on a "mark".

To set the mark in the first place use:

```
iptables -A FORWARD -t mangle -i eth0 --match helper --helper "ftp"  -j MARK --set-mark 12
iptables -A FORWARD -t mangle -i eth0 --match helper --helper "http" -j MARK --set-mark 12
```

These are based on fixed IP connections to the internet of 192.168.10.5 and 192.168.11.5

This is a slightly different setup than you have but it's the code that works in my setup.

----------

## s0da

thanks BobCamp for your post...

I've found a solution but it's different from yours...

I've added a rule into my routing table wherein packets marked with 0x4 will utilize a specific route.

```
ip rule add fwmark 4 table 202
```

I marked those packets with:

```
iptables -t mangle -A PREROUTING -d 203.131.91.208 \
        -s 192.168.2.0/24 -j MARK --set-mark 4
```

(this marks all packets destined for 203.131.91.208 with 0x4). My former solution was to mark packets according to their destination ports but it seemed that it didn't work well, just like the following:

```
iptables -t mangle -A PREROUTING -p tcp \
        --dport 8300:8399 -s 192.168.2.0/24 -j MARK --set-mark 4
iptables -t mangle -A PREROUTING -p udp \
        --dport 8300:8399 -s 192.168.2.0/24 -j MARK --set-mark 4
```

the latter seems to still utilize the other connection (when monitored with "tcpdump"). Most likely there's a problem with my iptables code. (i'm still soo confused with iptables). But marking packets according to their destination address seems to work well.  

I'm gonna try your solution too...

----------
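A small Python model of the rule walk that the first script plus the `fwmark 4` rule set up, added here as an illustration and not part of any post in this thread. The priority 49 for the fwmark rule is an assumption (the rule was added without `prio`), the LAN client addresses are constructed, and the kernel's `local` rule and the prohibit fallback routes are left out.

```python
import ipaddress

# Tables as left by the script above (the thread's masked addresses).
# "main" keeps only connected routes because its default was deleted.
# Left out: the kernel's "local" rule and the metric-1 prohibit fallbacks.
TABLES = {
    "main": [("192.168.2.0/24", "dev eth0"),
             ("10.10.10.72/29", "dev eth1"),
             ("20.20.20.176/29", "dev eth2")],
    "201": [("0.0.0.0/0", "via 10.10.10.73 dev eth1")],
    "202": [("0.0.0.0/0", "via 20.20.20.182 dev eth2")],
    "222": [("0.0.0.0/0", "multipath eth1+eth2")],
}

# (priority, selector, table). 49 is an assumed priority for the rule that
# was added without "prio"; what matters is that it precedes rule 222.
RULES = [
    (49, {"fwmark": 4}, "202"),
    (50, {}, "main"),
    (201, {"src": "10.10.10.74"}, "201"),
    (202, {"src": "20.20.20.177"}, "202"),
    (222, {}, "222"),
]

def table_lookup(table, dst):
    """Longest-prefix match inside one table; None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), act) for p, act in TABLES[table]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(dst, src=None, fwmark=0):
    """Walk the rules by priority; the first table holding a route decides."""
    for prio, sel, table in sorted(RULES, key=lambda r: r[0]):
        if sel.get("fwmark", fwmark) != fwmark or sel.get("src", src) != src:
            continue
        action = table_lookup(table, dst)
        if action is not None:
            return prio, table, action
    return None  # no rule produced a route

if __name__ == "__main__":
    lan = "192.168.2.10"  # constructed LAN client address
    print(route("203.131.91.208", src=lan, fwmark=4))  # pinned to ISP2
    print(route("203.131.91.208", src=lan))            # balanced
    print(route("192.168.2.20", src=lan))              # stays on the LAN
```
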

## BobCamp

There are a *large* number of ways to do almost anything with iptables. It looks like what you have is working. I would stick with what you have.

----------

## TerminalAddict

ok so here's something I've been struggling with

I have ipsec (racoon) running on my router.

How do I disable load balancing when I ipsec from the outside world ?

```
iptables -t nat -A POSTROUTING -o eth1 --match mark --mark 12  -j SNAT --to 192.168.10.5
iptables -t nat -A POSTROUTING -o eth2 --match mark --mark 13  -j SNAT --to 192.168.11.5
iptables -t nat -A POSTROUTING -j ACCEPT 
```

I'm not 100% sure that the above is correct. I guess I'm not NAT'ing, am I? The ipsec connection is terminated at the firewall, not inside the LAN.

```
iptables -A FORWARD -t mangle -i {local???} --match helper --helper "{port 500???}"  -j MARK --set-mark 12
iptables -A FORWARD -t mangle -i {local???} --match helper --helper "{port 500}" -j MARK --set-mark 13
```

----------

## SchmilK

Will this example only load balance to the lesser used connection?

I was looking for reference on how to use both connections at the same time for a "multiplexed" connection for double the download/upload speed. Is that even possible??

----------

## s0da

*SchmilK wrote:*

> I was looking for reference on how to use both connections at the same time for a "multiplexed" connection for double the download/upload speed. Is that even possible??

Try your luck with BGP and the like... but both ISPs should support it, otherwise it won't work... By the way, this solution works best on a network with many clients... (i.e., Net Cafes... Schools... etc.)

----------

## [Mad]Masenko

I have also attempted to load balance 3 internet connections, but i have hit a problem.

```
xxxxxx ~ # ip rule add prio 50 table main
RTNETLINK answers: Invalid argument
```

IPTables ver: 1.2.11-r3

Any suggestions?

Edit: I also have no table called nat!

```
xxxxxx ~ # ip route show table nat
Error: argument "nat" is wrong: table id value is invalid
```

----------

## SchmilK

Thanks for the info. Pretty sure my cable provider does not support it. Though they will give me 2 cable modems and I can get full speed simultaneously from 2 separate computers... oh well... I guess that's how it'll stay.

----------

## [Mad]Masenko

*SchmilK wrote:*

> Thanks for the info. Pretty sure my cable provider does not support it. Though they will give me 2 cable modems and I can get full speed simultaneously from 2 separate computers... oh well... I guess that's how it'll stay.

Your provider doesn't need to support it. It can work for anyone with multiple connections to the internet.

This implementation load balances "sessions" (connections), not packets (you can look up the equalize function). If you want to load balance packets, which is more efficient, in that situation your provider has to support that.

----------

