```bash
#!/bin/bash
echo 1 >| /proc/sys/net/ipv4/ip_forward
#echo 2 >| /proc/sys/net/ipv4/conf/all/rp_filter
iptables -F
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -F
iptables -t nat -X
# MARK 1 for WAN1
iptables -t mangle -N CONNMARK1
iptables -t mangle -A CONNMARK1 -j MARK --set-mark 1
iptables -t mangle -A CONNMARK1 -j CONNMARK --save-mark
# MARK 2 for WAN2
iptables -t mangle -N CONNMARK2
iptables -t mangle -A CONNMARK2 -j MARK --set-mark 2
iptables -t mangle -A CONNMARK2 -j CONNMARK --save-mark
#
iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.0/16 ! -d 192.168.0.0/16 -m conntrack --ctstate ESTABLISHED,RELATED -j CONNMARK --restore-mark
# TCP LOADBALANCE
iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.0/16 ! -d 192.168.0.0/16 -m conntrack --ctstate NEW -m statistic --mode random --probability 0.5 -j CONNMARK1
iptables -t mangle -A PREROUTING -p tcp -s 192.168.0.0/16 ! -d 192.168.0.0/16 -m conntrack --ctstate NEW -m mark --mark 0x0 -j CONNMARK2
# NON TCP LOADBALANCE
iptables -t mangle -A PREROUTING ! -p tcp -s 192.168.0.0/16 ! -d 192.168.0.0/16 -m statistic --mode random --probability 0.5 -j CONNMARK1
iptables -t mangle -A PREROUTING ! -p tcp -s 192.168.0.0/16 ! -d 192.168.0.0/16 -m mark --mark 0x0 -j CONNMARK2
# NFQUEUE (filter table, FORWARD chain: runs after the routing decision)
iptables -A FORWARD -i enp3s0 -o enp2s0 -j NFQUEUE --queue-balance 0:3
iptables -A FORWARD -i enp2s0 -o enp3s0 -j NFQUEUE --queue-balance 0:3
iptables -A FORWARD -i enp3s0 -o enp4s0 -j NFQUEUE --queue-balance 0:3
iptables -A FORWARD -i enp4s0 -o enp3s0 -j NFQUEUE --queue-balance 0:3
# NAT
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp4s0 -j MASQUERADE
#
# Register the two policy-routing tables once
if ! grep -q '^251' /etc/iproute2/rt_tables
then
    echo '251 WAN1' >> /etc/iproute2/rt_tables
fi
if ! grep -q '^252' /etc/iproute2/rt_tables
then
    echo '252 WAN2' >> /etc/iproute2/rt_tables
fi
# ROUTING TABLE FOR WAN1
ip route flush table WAN1 2>/dev/null
ip route add table WAN1 default via 10.10.12.1 dev enp2s0
# ROUTING TABLE FOR WAN2
ip route flush table WAN2 2>/dev/null
ip route add table WAN2 default via 192.168.1.1 dev enp4s0
# FwMark Tables (remove stale rules first, then add fwmark -> table lookups)
ip rule del from all fwmark 0x1 lookup WAN1 2>/dev/null
ip rule del from all fwmark 0x2 lookup WAN2 2>/dev/null
ip rule del from all fwmark 0x2 2>/dev/null
ip rule del from all fwmark 0x1 2>/dev/null
ip rule add fwmark 1 table WAN1
ip rule add fwmark 2 table WAN2
#
ip route flush cache
#
```
I have 2 WAN links.
WAN1 => set mark 1
WAN2 => set mark 2
I see that it can do load balancing and shares the lines with a probability of 0.5. When I print the packet mark, I see that requests are coming through 1 and 2. I want to set the mark to 1 on the userspace side (using golang nfqueue), and then be able to direct traffic through WAN1. I am not sure whether this iptables ruleset is correct or not. Maybe the problem is on the userspace side?
Thanks.
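The relevant mechanics, as an added example that is not part of the issue above and not code from any nfqueue library: a forwarded packet is routed once, between the PREROUTING hooks and FORWARD, so a mark set from a queue attached in the filter table's FORWARD chain (as in the script above) arrives too late to choose WAN1 or WAN2. The NFQUEUE rule has to sit in `mangle PREROUTING`, after the `--restore-mark` rule and matching `--ctstate NEW`, so that only the first packet of a connection is queued before the route lookup. Userspace then hands the mark back with the verdict, which the kernel writes to `skb->mark` before the packet resumes. Two caveats: an NF_ACCEPT verdict resumes at the next netfilter hook, not at the next rule of the same chain, so persist the mark in a later chain (for example `iptables -t mangle -A FORWARD -m conntrack --ctstate NEW -j CONNMARK --save-mark`), and with `--queue-balance 0:3` the program must open queues 0 through 3. The code below keeps the steering policy separate from the library plumbing so it builds and runs without root; the `verdictSetter` interface mirrors the `SetVerdict` / `SetVerdictWithMark` methods of github.com/florianl/go-nfqueue (an assumption about that library's API), the HTTPS-to-WAN1 policy is hypothetical, and the packet bytes are constructed sample data.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// fwmark values matching the `ip rule add fwmark N table WANn` rules in the script.
const (
	MarkWAN1 = 1
	MarkWAN2 = 2
)

// Netfilter verdicts from <linux/netfilter.h>; go-nfqueue exports them as
// nfqueue.NfDrop / nfqueue.NfAccept (assumed names).
const (
	NfDrop   = 0
	NfAccept = 1
)

// verdictSetter is the subset of *nfqueue.Nfqueue the handler needs.
// An interface keeps the policy testable without a netlink socket.
type verdictSetter interface {
	SetVerdict(id uint32, verdict int) error
	SetVerdictWithMark(id uint32, verdict, mark int) error
}

// flow holds what the policy needs from one IPv4 packet.
type flow struct {
	proto        uint8
	src, dst     [4]byte
	sport, dport uint16
}

// parseIPv4 extracts protocol, addresses and (for TCP/UDP) ports from the raw
// IPv4 packet as delivered in the NFQUEUE payload.
func parseIPv4(pkt []byte) (flow, error) {
	var f flow
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return f, errors.New("not an IPv4 packet")
	}
	ihl := int(pkt[0]&0x0f) * 4
	if ihl < 20 || len(pkt) < ihl {
		return f, errors.New("truncated IPv4 header")
	}
	f.proto = pkt[9]
	copy(f.src[:], pkt[12:16])
	copy(f.dst[:], pkt[16:20])
	if f.proto == 6 || f.proto == 17 { // TCP and UDP both begin with src/dst port
		if len(pkt) < ihl+4 {
			return f, errors.New("truncated transport header")
		}
		f.sport = binary.BigEndian.Uint16(pkt[ihl:])
		f.dport = binary.BigEndian.Uint16(pkt[ihl+2:])
	}
	return f, nil
}

// chooseMark is the hypothetical policy: HTTPS via WAN1, everything else via WAN2.
func chooseMark(f flow) int {
	if f.proto == 6 && f.dport == 443 {
		return MarkWAN1
	}
	return MarkWAN2
}

// handle classifies one queued packet and returns the mark with the verdict
// (NFQA_MARK on the verdict message). Returns the mark sent, 0 if untouched.
func handle(q verdictSetter, id uint32, payload []byte) (int, error) {
	f, err := parseIPv4(payload)
	if err != nil {
		// Unclassifiable: accept without a mark so the kernel's own
		// CONNMARK1/CONNMARK2 balancing still decides.
		return 0, q.SetVerdict(id, NfAccept)
	}
	mark := chooseMark(f)
	return mark, q.SetVerdictWithMark(id, NfAccept, mark)
}

// recorder is a fake queue that records the last verdict and mark (test double).
type recorder struct{ verdict, mark int }

func (r *recorder) SetVerdict(id uint32, v int) error { r.verdict, r.mark = v, 0; return nil }
func (r *recorder) SetVerdictWithMark(id uint32, v, m int) error {
	r.verdict, r.mark = v, m
	return nil
}

// constructedPacket builds a minimal IPv4 header plus transport ports (sample data).
func constructedPacket(proto uint8, dport uint16) []byte {
	pkt := make([]byte, 24)
	pkt[0] = 0x45 // IPv4, IHL = 5 words
	binary.BigEndian.PutUint16(pkt[2:], uint16(len(pkt)))
	pkt[8], pkt[9] = 64, proto // TTL, protocol
	copy(pkt[12:16], []byte{192, 168, 10, 5})
	copy(pkt[16:20], []byte{203, 0, 113, 7})
	binary.BigEndian.PutUint16(pkt[20:], 40000)
	binary.BigEndian.PutUint16(pkt[22:], dport)
	return pkt
}

func main() {
	// Real wiring (assumed go-nfqueue API, one Nfqueue per queue 0..3):
	//   nf, _ := nfqueue.Open(&nfqueue.Config{NfQueue: 0, MaxPacketLen: 0xFFFF,
	//       MaxQueueLen: 0xFF, Copymode: nfqueue.NfQnlCopyPacket, WriteTimeout: 15 * time.Millisecond})
	//   nf.RegisterWithErrorFunc(ctx, func(a nfqueue.Attribute) int {
	//       handle(nf, *a.PacketID, *a.Payload); return 0 }, func(e error) int { return -1 })
	r := &recorder{}
	m, _ := handle(r, 1, constructedPacket(6, 443))
	fmt.Println("TCP/443 -> mark", m)
	m, _ = handle(r, 2, constructedPacket(17, 53))
	fmt.Println("UDP/53  -> mark", m)
}
```

Because the mark travels with the verdict, there is no separate "set mark" call; a packet returned with `SetVerdict` alone keeps whatever mark the earlier mangle rules gave it.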