[nSLUG] load balancing

Tim timothy at fabrysociety.org
Wed Sep 13 12:25:57 ADT 2006

I've recently moved, and I have both an Aliant DSL and an Eastlink Cable modem
here. I'm trying to load balance on the two lines for web traffic, and send the
rest out Eastlink, and it's basically working.

My setup:
iptables -t mangle -I PREROUTING -j MARK -s $INTERNAL --set-mark 1
iptables -t mangle -I PREROUTING -j MARK -s $INTERNAL -d -p tcp --dport 80 --set-mark 2

ip rule add fwmark 1 table 1
ip rule add fwmark 2 table 2

ip route add table 1 via $EASTLINK
ip route add table 2 scope global \
    nexthop via $EASTLINK weight 1 \
    nexthop via $ALIANT weight 2

This load balances my web traffic over the two lines, giving the Aliant line
twice as much preference. Both lines come in from hardware firewall boxes on the
same subnet, with different IPs of course.

My problem is if I try to download an ISO for a new distribution (HTTP), I get
quite a way through the download, and suddenly get disconnected. Since this is
a route based policy, I assume those routes expire, before the transfer is

Is there a way to make the route stick until there are no open sockets going to
the host in question without having to specify a policy to make the route
static for the IP of the server?

Slackware 10.2
Kernel 2.4.33
iptables v1.3.3
CPU: Lowly Celeron 333


