Multiple ISP connection on same Linux server
Im working on my server setting up some multi WLAN connections. I basically have 2 connections.
(I have tried the one on: Load balancing & NAT-ing multiple ISP connections on Linux unfortunatly i am unable to get it to work)
The old one (since i only had one) "internet" the new one currently has its common name - enp0s19
So I have gotten the configuration information from my ISP the first is
internet:
IP: 133.212.242.2
mask: 255.255.255.0
gateway: 133.212.242.1
enp0s19
IP: 200.181.220.87
mask: 255.255.255.0
gateway: 200.181.220.1
These are the information that i have been given. I want these to run on the same server, the reason i need 2 is because there is a webpage that need to have a seperate IP to be able to work.
So I have tried to do the following:
cat /etc/iproute2/rt_tables
> 255 local
> 254 main
> 253 default
> 10 ISP1
> 20 ISP2
ISP1_IFACE="internet"
ISP2_IFACE="enp0s19"
ip route add default dev $ISP1_IFACE table ISP1
ip route add default dev $ISP2_IFACE table ISP2
ip route show
> default via 133.212.242.1 dev internet proto static
> 10.1.2.0/24 dev br-wordpress proto kernel scope link src 10.1.2.1
> 10.1.3.0/24 dev br-admin proto kernel scope link src 10.1.3.1
> 10.1.4.0/24 dev br-balancer proto kernel scope link src 10.1.4.1
> 10.1.5.0/24 dev br-tools proto kernel scope link src 10.1.5.1
> 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
> 172.18.0.0/16 dev br-7bcef0a6bdd9 proto kernel scope link src 172.18.0.1 linkdown
> 133.212.242.0/24 dev internet proto kernel scope link src 133.212.242.2
> 200.181.220.0/24 dev enp0s19 proto kernel scope link src 200.181.220.87
ip rule add fwmark 20 table ISP1 prio 33000
ip rule add fwmark 10 table ISP2 prio 33000
ip rule show
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> 33000: from all fwmark 0x14 lookup ISP1
> 33000: from all fwmark 0xa lookup ISP2
iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -j MARK --set-mark 10
iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.5 -j MARK --set-mark 20
iptables -t mangle -A PREROUTING -j CONNMARK --save-mark
My IpTables looks like the following:
# Generated by iptables-save v1.8.0 on Sun Oct 28 05:21:20 2018
*mangle
:PREROUTING ACCEPT [12483:2824480]
:INPUT ACCEPT [38237:7715180]
:FORWARD ACCEPT [2334:736437]
:OUTPUT ACCEPT [30191:8266788]
:POSTROUTING ACCEPT [32528:9003402]
-A PREROUTING -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m mark ! --mark 0x0 -j ACCEPT
-A PREROUTING -j MARK --set-xmark 0xa/0xffffffff
-A PREROUTING -m statistic --mode random --probability 0.50000000000 -j MARK --set-xmark 0x14/0xffffffff
-A PREROUTING -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Sun Oct 28 05:21:20 2018
# Generated by iptables-save v1.8.0 on Sun Oct 28 05:21:20 2018
*filter
:INPUT ACCEPT [119:6408]
:FORWARD ACCEPT [1733:914348]
:OUTPUT ACCEPT [41493:11064168]
:DOCKER-USER - [0:0]
:LOGACCEPT - [0:0]
:LOGDROP - [0:0]
:LOGREJECT - [0:0]
-A INPUT -d 10.1.3.2/32 -p tcp -m tcp --dport 9000 -j LOGACCEPT
-A INPUT -i lo -j LOGACCEPT
-A INPUT -i br-wordpress -j LOGACCEPT
-A INPUT -i br-balancer -j LOGACCEPT
-A INPUT -i br-tools -j LOGACCEPT
-A INPUT -i br-admin -j LOGACCEPT
-A INPUT -i docker0 -j LOGACCEPT
-A INPUT -i br-tools -p tcp -m tcp --dport 1006 -j LOGACCEPT
-A INPUT -i internet -p tcp -m tcp --dport 22 -j LOGACCEPT
-A INPUT ! -i br-balancer -p tcp -m tcp --dport 0:1023 -j LOGDROP
-A INPUT ! -i br-balancer -p udp -m udp --dport 0:1023 -j LOGDROP
-A INPUT ! -i br-wordpress -p tcp -m tcp --dport 0:1023 -j LOGDROP
-A INPUT ! -i br-wordpress -p udp -m udp --dport 0:1023 -j LOGDROP
-A FORWARD -j DOCKER-USER
-A FORWARD -d 10.1.0.0/16 -i internet -j LOGACCEPT
-A DOCKER-USER -j RETURN
-A LOGACCEPT -p tcp -j LOG --log-prefix "TCP LOG ACCEPT: "
-A LOGACCEPT -p udp -j LOG --log-prefix "UDP LOG ACCEPT: "
-A LOGACCEPT -p icmp -j LOG --log-prefix "ICMP LOG ACCEPT: "
-A LOGACCEPT -f -j LOG --log-prefix "FRAG LOG ACCEPT: "
-A LOGACCEPT -j ACCEPT
-A LOGDROP -p tcp -j LOG --log-prefix "TCP LOG DROP : "
-A LOGDROP -p udp -j LOG --log-prefix "UDP LOG DROP : "
-A LOGDROP -p icmp -j LOG --log-prefix "ICMP LOG DROP : "
-A LOGDROP -f -j LOG --log-prefix "FRAG LOG DROP : "
-A LOGDROP -j DROP
-A LOGREJECT -p tcp -j LOG --log-prefix "TCP LOG REJECT: "
-A LOGREJECT -p udp -j LOG --log-prefix "UDP LOG REJECT: "
-A LOGREJECT -p icmp -j LOG --log-prefix "ICMP LOG REJECT: "
-A LOGREJECT -f -j LOG --log-prefix "FRAG LOG REJECT: "
-A LOGREJECT -j DROP
COMMIT
# Completed on Sun Oct 28 05:21:20 2018
# Generated by iptables-save v1.8.0 on Sun Oct 28 05:21:20 2018
*nat
:PREROUTING ACCEPT [14641:3867868]
:INPUT ACCEPT [3248:193280]
:OUTPUT ACCEPT [3049:183103]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i internet -p tcp -m tcp --dport 9000 -j DNAT --to-destination 10.1.3.2
-A PREROUTING -i internet -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.4.3
-A PREROUTING -i internet -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.1.4.3
-A PREROUTING -i enp0s19 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.1.4.3
-A PREROUTING -i enp0s19 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.1.4.3
-A PREROUTING -i internet -p tcp -m tcp --dport 25 -j DNAT --to-destination 10.1.5.249
-A PREROUTING -i internet -p tcp -m tcp --dport 143 -j DNAT --to-destination 10.1.5.249
-A PREROUTING -i internet -p tcp -m tcp --dport 465 -j DNAT --to-destination 10.1.5.249
-A PREROUTING -i internet -p tcp -m tcp --dport 587 -j DNAT --to-destination 10.1.5.249
-A PREROUTING -i internet -p tcp -m tcp --dport 993 -j DNAT --to-destination 10.1.5.249
-A PREROUTING -i internet -p tcp -m tcp --dport 2200 -j DNAT --to-destination 10.1.5.248:2200
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Sun Oct 28 05:21:20 2018
and the ifconfig intenet|enp0s19:
internet: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 133.212.242.2 netmask 255.255.255.0 broadcast 133.212.242.255
inet6 fe80::648d:19ff:fe9a:5fc9 prefixlen 64 scopeid 0x20<link>
ether 66:8d:19:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 92829 bytes 8244401 (7.8 MiB)
RX errors 0 dropped 85 overruns 0 frame 0
TX packets 7857 bytes 3356687 (3.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s19: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 200.181.220.87 netmask 255.255.255.0 broadcast 200.181.220.255
inet6 fe80::a400:e2ff:fe55:a4f prefixlen 64 scopeid 0x20<link>
ether a6:00:e2:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 61266 bytes 5115759 (4.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 150 bytes 12658 (12.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
But after this i am still unable to connect to the site using the new IP, the old sites and connections using the old IP still works. Im not getting anything in the IP tables log file.
Hope anyone can help get the the las part configured, so that i can use the new IP?
asked on Server Fault Oct 28, 2018 by 
KatsuoRyuu
KatsuoRyuu0 Answers
Nobody has answered this question yet.
User contributions licensed under CC BY-SA 3.0