iptables PortForward not working properly


4 ISPs are connected to the gateway. I tried using iptables for load balancing, but only one ISP is utilized for connecting to the internet, while the rest of the ISPs are idle, as is evident from the output of ifstat.



Kindly go through the script and advise suitably.
Your help is much appreciated.



# /etc/network/interfaces
auto lo
iface lo inet loopback

auto enp4s5f0
iface enp4s5f0 inet static
address 192.168.7.2
netmask 255.255.255.0
gateway 192.168.7.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s5f1
iface enp4s5f1 inet static
address 192.168.8.2
netmask 255.255.255.0
gateway 192.168.8.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s6f0
iface enp4s6f0 inet static
address 192.168.9.2
netmask 255.255.255.0
gateway 192.168.9.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s6f1
iface enp4s6f1 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1
dns-nameservers 8.8.8.8 8.8.4.4

auto ens2
iface ens2 inet static
address 192.168.2.190
netmask 255.255.255.0
#gateway 192.168.2.1
dns-nameservers 8.8.8.8 8.8.4.4


#

ipt.sh



#!/bin/bash
set -x
IPT="/sbin/iptables"
NIC1="enp4s5f0"
NIC2="enp4s5f1"
NIC3="enp4s6f0"
NIC4="enp4s6f1"
LAN="ens2"
ISP1="192.168.7.33"
ISP2="192.168.8.33"
ISP3="192.168.9.33"
ISP4="192.168.10.33"
IIP="192.168.2.190"
echo 1 >| /proc/sys/net/ipv4/ip_forward
echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

#***************
# reset iptables
#_______________
## reset the default policies in the filter table.
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

## reset the default policies in the nat table.
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

## reset the default policies in the mangle table.
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

## flush all the rules in the filter, nat and mangle tables.
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

## erase all chains that are not default in the filter, nat and mangle tables.
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

#****************
# rules
#________________
$IPT -A INPUT -m state --state INVALID -j DROP
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p icmp -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT

$IPT -A FORWARD -m state --state INVALID -j DROP
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -p icmp -j ACCEPT
#****************



ip route add default scope global \
    nexthop via $ISP1 dev $NIC1 weight 1 \
    nexthop via $ISP2 dev $NIC2 weight 1 \
    nexthop via $ISP3 dev $NIC3 weight 1 \
    nexthop via $ISP4 dev $NIC4 weight 1

#iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
#iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 10
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 20
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 30
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 40
#iptables -t mangle -A PREROUTING -j CONNMARK --save-mark


$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC1 -j SNAT --to-source $ISP1
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC2 -j SNAT --to-source $ISP2
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC3 -j SNAT --to-source $ISP3
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

#$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

iptables -P FORWARD DROP
#********************************
# allow certain hosts full access
#________________________________

allowHost() {
    iptables -A FORWARD -i $LAN -s $1 -j ACCEPT
}


ip route flush cache


#

ifstat -bt 
ens2 enp4s5f0 enp4s5f1 enp4s6f0 enp4s6f1
Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
1.88 0.00 0.94 0.47 0.00 0.00 0.00 0.00 0.00 0.00
2.04 0.00 0.70 0.70 0.00 0.00 0.00 0.00 0.00 0.00
8.09 6.98 1.17 0.70 0.47 0.00 1.40 0.47 0.47 0.00
1.31 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
3.14 0.00 0.52 0.52 0.00 0.00 0.00 0.00 0.00 0.00
3.14 0.00 0.51 0.51 0.00 0.00 0.00 0.00 0.00 0.00
2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
7.87 4.68 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
1.78 0.33 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
4.66 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
30271.07 915.72 0.00 0.00 0.94 0.47 0.00 0.00 0.00 0.00
5576.91 566.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
170.83 208.16 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
37166.45 1144.21 56.66 30.21 0.00 0.00 0.00 0.00 0.00 0.00
87935.34 2220.31 36.37 1.54 0.00 0.00 0.00 0.00 0.00 0.00
11944.23 263.43 0.94 0.98 0.00 0.00 0.00 0.00 0.00 0.00
25600.64 564.53 0.51 0.00 0.00 0.00 0.00 0.00 0.00 0.00
3.13 0.00 0.47 0.00 0.00 0.00 1.40 0.47 0.47 0.00
26966.93 609.43 0.47 0.47 0.47 0.00 0.00 0.00 0.00 0.00
3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
3.13 0.00 0.47 0.00 0.00 0.00 0.47 0.00 0.47 0.00
4.03 5.73 2.72 2.72 0.47 0.00 0.00 0.00 0.00 0.00
4.60 0.84 6.53 6.53 0.00 0.00 0.00 0.00 0.00 0.00


#



Network



Network: Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
IF: ens2 state: up speed: 100 Mbps duplex: full mac: 00:1c:c0:85:7c:43
Card-2: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
IF: enp4s5f0 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:25:11:4e
Card-3: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
IF: enp4s5f1 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:25:11:4f
Card-4: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
IF: enp4s6f0 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:23:02:1a
Card-5: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
IF: enp4s6f1 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:23:02:1b









16.04 networking iptables port-forwarding

edited Jun 15 at 4:52 by Purushothaman

asked Jun 14 at 9:22 by Purushothaman
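Added example, not part of the original question: the commented-out `-m statistic` rules in ipt.sh give each of the four rules a flat probability of 0.25, and because the MARK target does not end chain traversal, a later match overwrites an earlier mark, so the marks are not chosen equally and some new connections get no mark at all. The dry-run script below computes that split and prints an evenly balanced rule set; it assumes the gateways listed in /etc/network/interfaces, reuses marks 10 to 40 as routing table numbers, and its function names are illustrative.

```shell
#!/bin/bash
# Added example, not the asker's script. Dry run: commands are printed only,
# nothing is applied to the running system.

LAN="ens2"    # LAN interface from the question
# Constructed input, one uplink per line: "interface gateway mark".
# Interfaces and gateways are copied from the question's
# /etc/network/interfaces; marks 10-40 follow its commented-out MARK rules
# and double as routing table numbers (assumption of this example).
UPLINKS="enp4s5f0 192.168.7.1 10
enp4s5f1 192.168.8.1 20
enp4s6f0 192.168.9.1 30
enp4s6f1 192.168.10.1 40"

# Share of new connections left with the mark of rule K (1-based) when N
# sequential rules all use the same probability P. MARK does not stop chain
# traversal, so rule K wins only if it matches and no later rule matches.
# K=0 returns the share that no rule marks at all.
flat_share() {    # usage: flat_share P N K
    LC_ALL=C awk -v p="$1" -v n="$2" -v k="$3" 'BEGIN {
        if (k == 0) printf "%.4f", (1 - p) ^ n
        else        printf "%.4f", p * (1 - p) ^ (n - k)
    }'
}

# Probability for rule I (0-based) of N so that every uplink ends up with
# 1/N overall: the rule only sees connections that rules 0..I-1 left unmarked.
even_probability() {    # usage: even_probability N I
    LC_ALL=C awk -v n="$1" -v i="$2" 'BEGIN { printf "%.4f", 1 / (n - i) }'
}

# Print one routing table, one fwmark rule and one MARK rule per uplink.
generate_rules() {
    n=$(printf '%s\n' "$UPLINKS" | grep -c .)
    # Packets of known connections keep the uplink chosen for the first packet.
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark"
    echo "iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT"
    i=0
    while read -r nic gw mark; do
        echo "ip route add default via $gw dev $nic table $mark"
        echo "ip rule add fwmark $mark table $mark"
        if [ "$i" -lt $((n - 1)) ]; then
            stat="-m statistic --mode random --probability $(even_probability "$n" "$i") "
        else
            stat=""    # last rule takes every connection that is still unmarked
        fi
        # "-m mark --mark 0" keeps a later rule from overwriting an earlier mark.
        echo "iptables -t mangle -A PREROUTING -i $LAN -m conntrack --ctstate NEW -m mark --mark 0 ${stat}-j MARK --set-mark $mark"
        i=$((i + 1))
    done <<EOF
$UPLINKS
EOF
    echo "iptables -t mangle -A PREROUTING -j CONNMARK --save-mark"
}

# Split produced by four flat 0.25 rules, then the balanced rule set.
for k in 1 2 3 4 0; do
    echo "# flat 0.25, rule $k (0 = unmarked): $(flat_share 0.25 4 "$k")"
done
generate_rules
```

Review the printed commands before running any of them as root; the script itself changes nothing.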






















