iptables PortForward not working properlyIptables working strangelysquid + iptables not workingConnecting Two Computers Together: Assigning IP doesnt workRouting and Ip setupForwarding ports with iptables not working?IP tables as a basic proxy not functioning as expectedUbuntu 16.04 lts - network does not start on boot - bondingIPtables logging not working

Locked out of my own server

Washing the skin of a dead rat

Comparison of C-Cl bond length in CH3Cl and CF3Cl

How are side-channel attacks executed? What does an attacker need to execute a side channel attack?

What is the type of English used in the King James Bible called?

How could Thanos survive this attack?

How do I tell my new Windows 10 PC to import images via SD card or card reader when I insert a card?

Does the on'yomi of 輪 (リン) have any relation to the English "ring", or is it a coincidence?

How likely are you to be injured by falling shot from a game shoot?

Do dead weight 'components' exist?

How exactly do you avoid fooling yourself?

Promotions usually come with raises, right?

Can the Wish spell be used to allow someone to be able to cast all of their spells at will?

jmdn. ärgern in a sentence

How to persuade players not to cheat?

What does "2 fingers to Scotland" mean in Peter Grant's statement about Johnson not listening to the SNP's Westminster leader speeches?

Is it worth delving deep outside my field to revise a paper?

Peano's dot notation

Can Alter Self be used to enter an enemy's body and destroy it from the inside?

What spacing difference is acceptable with tile?

Why does telnet on a non existent port not directly reject, but time out?

What is self hosted version control system?

Is this change to how XP works in D&D 3.5 unbalanced?

There are polygons with only right angles which have an odd number of corners



iptables PortForward not working properly


Iptables working strangelysquid + iptables not workingConnecting Two Computers Together: Assigning IP doesnt workRouting and Ip setupForwarding ports with iptables not working?IP tables as a basic proxy not functioning as expectedUbuntu 16.04 lts - network does not start on boot - bondingIPtables logging not working






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









0

















4 ISPs are connected to the gateway, I tried using iptables for load balancing, but only one ISP is utilized for connecting to internet while the rest of the ISPs are idle as is evident from the output of ifstat.



Kindly go through the script and advise suitably.
Your help is much appreciated.



# /etc/network/interfaces
auto lo
iface lo inet loopback

auto enp4s5f0
iface enp4s5f0 inet static
address 192.168.7.2
netmask 255.255.255.0
gateway 192.168.7.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s5f1
iface enp4s5f1 inet static
address 192.168.8.2
netmask 255.255.255.0
gateway 192.168.8.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s6f0
iface enp4s6f0 inet static
address 192.168.9.2
netmask 255.255.255.0
gateway 192.168.9.1
dns-nameservers 8.8.8.8 8.8.4.4

auto enp4s6f1
iface enp4s6f1 inet static
address 192.168.10.2
netmask 255.255.255.0
gateway 192.168.10.1
dns-nameservers 8.8.8.8 8.8.4.4

auto ens2
iface ens2 inet static
address 192.168.2.190
netmask 255.255.255.0
#gateway 192.168.2.1
dns-nameservers 8.8.8.8 8.8.4.4


#

ipt.sh 



#!/bin/bash
set -x
IPT="/sbin/iptables"
NIC1="enp4s5f0"
NIC2="enp4s5f1"
NIC3="enp4s6f0"
NIC4="enp4s6f1"
LAN="ens2" 
ISP1="192.168.7.33"
ISP2="192.168.8.33"
ISP3="192.168.9.33"
ISP4="192.168.10.33"
IIP="192.168.2.190"
echo 1 >| /proc/sys/net/ipv4/ip_forward
echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

#***************
# reset iptables
#_______________
## reset the default policies in the filter table.
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

## reset the default policies in the nat table.
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT

## reset the default policies in the mangle table.
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT

## flush all the rules in the filter and nat tables.
$IPT -F
$IPT -t nat -F
$IPT -t mangle -F

## erase all chains that's not default in filter and nat table.
$IPT -X
$IPT -t nat -X
$IPT -t mangle -X

#****************
# rules 
#________________
$IPT -A INPUT -m state --state INVALID -j DROP 
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
$IPT -A INPUT -p icmp -j ACCEPT 
$IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
$IPT -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 

$IPT -A FORWARD -m state --state INVALID -j DROP 
$IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
$IPT -A FORWARD -p icmp -j ACCEPT 
#****************



ip route add default scope global 
 nexthop via $ISP1 dev $NIC1 weight 1 
 nexthop via $ISP2 dev $NIC2 weight 1 
 nexthop via $ISP3 dev $NIC3 weight 1 
 nexthop via $ISP4 dev $NIC4 weight 1 

#iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
#iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 10
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 20
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 30
#iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 40
#iptables -t mangle -A PREROUTING -j CONNMARK --save-mark


$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC1 -j SNAT --to-source $ISP1
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC2 -j SNAT --to-source $ISP2
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC3 -j SNAT --to-source $ISP3
$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

#$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

iptables -P FORWARD DROP
#********************************
# allow certain hosts full access
#________________________________

allowHost() 
iptables -A FORWARD -i $LAN -s $1 -j ACCEPT 


ip route flush cache


#

ifstat -bt 
 ens2 enp4s5f0 enp4s5f1 enp4s6f0 enp4s6f1 
 Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
 1.88 0.00 0.94 0.47 0.00 0.00 0.00 0.00 0.00 0.00
 2.04 0.00 0.70 0.70 0.00 0.00 0.00 0.00 0.00 0.00
 8.09 6.98 1.17 0.70 0.47 0.00 1.40 0.47 0.47 0.00
 1.31 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 3.14 0.00 0.52 0.52 0.00 0.00 0.00 0.00 0.00 0.00
 3.14 0.00 0.51 0.51 0.00 0.00 0.00 0.00 0.00 0.00
 2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 7.87 4.68 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
 1.78 0.33 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 4.66 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
30271.07 915.72 0.00 0.00 0.94 0.47 0.00 0.00 0.00 0.00
 5576.91 566.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 170.83 208.16 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
37166.45 1144.21 56.66 30.21 0.00 0.00 0.00 0.00 0.00 0.00
87935.34 2220.31 36.37 1.54 0.00 0.00 0.00 0.00 0.00 0.00
11944.23 263.43 0.94 0.98 0.00 0.00 0.00 0.00 0.00 0.00
25600.64 564.53 0.51 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 3.13 0.00 0.47 0.00 0.00 0.00 1.40 0.47 0.47 0.00
26966.93 609.43 0.47 0.47 0.47 0.00 0.00 0.00 0.00 0.00
 3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
 3.13 0.00 0.47 0.00 0.00 0.00 0.47 0.00 0.47 0.00
 4.03 5.73 2.72 2.72 0.47 0.00 0.00 0.00 0.00 0.00
 4.60 0.84 6.53 6.53 0.00 0.00 0.00 0.00 0.00 0.00


#



Network



Network: Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
 IF: ens2 state: up speed: 100 Mbps duplex: full mac: 00:1c:c0:85:7c:43
 Card-2: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
 IF: enp4s5f0 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:25:11:4e
 Card-3: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
 IF: enp4s5f1 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:25:11:4f
 Card-4: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
 IF: enp4s6f0 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:23:02:1a
 Card-5: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
 IF: enp4s6f1 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:23:02:1b





16.04 networking iptables port-forwarding







share|improve this question


































    0

















    4 ISPs are connected to the gateway, I tried using iptables for load balancing, but only one ISP is utilized for connecting to internet while the rest of the ISPs are idle as is evident from the output of ifstat.



    Kindly go through the script and advise suitably.
    Your help is much appreciated.



    # /etc/network/interfaces
    auto lo
    iface lo inet loopback

    auto enp4s5f0
    iface enp4s5f0 inet static
    address 192.168.7.2
    netmask 255.255.255.0
    gateway 192.168.7.1
    dns-nameservers 8.8.8.8 8.8.4.4

    auto enp4s5f1
    iface enp4s5f1 inet static
    address 192.168.8.2
    netmask 255.255.255.0
    gateway 192.168.8.1
    dns-nameservers 8.8.8.8 8.8.4.4

    auto enp4s6f0
    iface enp4s6f0 inet static
    address 192.168.9.2
    netmask 255.255.255.0
    gateway 192.168.9.1
    dns-nameservers 8.8.8.8 8.8.4.4

    auto enp4s6f1
    iface enp4s6f1 inet static
    address 192.168.10.2
    netmask 255.255.255.0
    gateway 192.168.10.1
    dns-nameservers 8.8.8.8 8.8.4.4

    auto ens2
    iface ens2 inet static
    address 192.168.2.190
    netmask 255.255.255.0
    #gateway 192.168.2.1
    dns-nameservers 8.8.8.8 8.8.4.4


    #

    ipt.sh 



    #!/bin/bash
    set -x
    IPT="/sbin/iptables"
    NIC1="enp4s5f0"
    NIC2="enp4s5f1"
    NIC3="enp4s6f0"
    NIC4="enp4s6f1"
    LAN="ens2" 
    ISP1="192.168.7.33"
    ISP2="192.168.8.33"
    ISP3="192.168.9.33"
    ISP4="192.168.10.33"
    IIP="192.168.2.190"
    echo 1 >| /proc/sys/net/ipv4/ip_forward
    echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

    #***************
    # reset iptables
    #_______________
    ## reset the default policies in the filter table.
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD ACCEPT
    $IPT -P OUTPUT ACCEPT

    ## reset the default policies in the nat table.
    $IPT -t nat -P PREROUTING ACCEPT
    $IPT -t nat -P POSTROUTING ACCEPT
    $IPT -t nat -P OUTPUT ACCEPT

    ## reset the default policies in the mangle table.
    $IPT -t mangle -P PREROUTING ACCEPT
    $IPT -t mangle -P OUTPUT ACCEPT

    ## flush all the rules in the filter and nat tables.
    $IPT -F
    $IPT -t nat -F
    $IPT -t mangle -F

    ## erase all chains that's not default in filter and nat table.
    $IPT -X
    $IPT -t nat -X
    $IPT -t mangle -X

    #****************
    # rules 
    #________________
    $IPT -A INPUT -m state --state INVALID -j DROP 
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
    $IPT -A INPUT -p icmp -j ACCEPT 
    $IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
    $IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
    $IPT -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 

    $IPT -A FORWARD -m state --state INVALID -j DROP 
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
    $IPT -A FORWARD -p icmp -j ACCEPT 
    #****************



    ip route add default scope global 
     nexthop via $ISP1 dev $NIC1 weight 1 
     nexthop via $ISP2 dev $NIC2 weight 1 
     nexthop via $ISP3 dev $NIC3 weight 1 
     nexthop via $ISP4 dev $NIC4 weight 1 

    #iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
    #iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 10
    #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 20
    #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 30
    #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 40
    #iptables -t mangle -A PREROUTING -j CONNMARK --save-mark


    $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC1 -j SNAT --to-source $ISP1
    $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC2 -j SNAT --to-source $ISP2
    $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC3 -j SNAT --to-source $ISP3
    $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

    #$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

    iptables -P FORWARD DROP
    #********************************
    # allow certain hosts full access
    #________________________________

    allowHost() 
    iptables -A FORWARD -i $LAN -s $1 -j ACCEPT 


    ip route flush cache


    #

    ifstat -bt 
     ens2 enp4s5f0 enp4s5f1 enp4s6f0 enp4s6f1 
     Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
     1.88 0.00 0.94 0.47 0.00 0.00 0.00 0.00 0.00 0.00
     2.04 0.00 0.70 0.70 0.00 0.00 0.00 0.00 0.00 0.00
     8.09 6.98 1.17 0.70 0.47 0.00 1.40 0.47 0.47 0.00
     1.31 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     3.14 0.00 0.52 0.52 0.00 0.00 0.00 0.00 0.00 0.00
     3.14 0.00 0.51 0.51 0.00 0.00 0.00 0.00 0.00 0.00
     2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     7.87 4.68 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
     1.78 0.33 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     4.66 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
    30271.07 915.72 0.00 0.00 0.94 0.47 0.00 0.00 0.00 0.00
     5576.91 566.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     170.83 208.16 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
    37166.45 1144.21 56.66 30.21 0.00 0.00 0.00 0.00 0.00 0.00
    87935.34 2220.31 36.37 1.54 0.00 0.00 0.00 0.00 0.00 0.00
    11944.23 263.43 0.94 0.98 0.00 0.00 0.00 0.00 0.00 0.00
    25600.64 564.53 0.51 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     3.13 0.00 0.47 0.00 0.00 0.00 1.40 0.47 0.47 0.00
    26966.93 609.43 0.47 0.47 0.47 0.00 0.00 0.00 0.00 0.00
     3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
     3.13 0.00 0.47 0.00 0.00 0.00 0.47 0.00 0.47 0.00
     4.03 5.73 2.72 2.72 0.47 0.00 0.00 0.00 0.00 0.00
     4.60 0.84 6.53 6.53 0.00 0.00 0.00 0.00 0.00 0.00


    #



    Network



    Network: Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
     IF: ens2 state: up speed: 100 Mbps duplex: full mac: 00:1c:c0:85:7c:43
     Card-2: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
     IF: enp4s5f0 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:25:11:4e
     Card-3: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
     IF: enp4s5f1 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:25:11:4f
     Card-4: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
     IF: enp4s6f0 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:23:02:1a
     Card-5: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
     IF: enp4s6f1 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:23:02:1b





    16.04 networking iptables port-forwarding







    share|improve this question






























      0












      0








      0








      4 ISPs are connected to the gateway, I tried using iptables for load balancing, but only one ISP is utilized for connecting to internet while the rest of the ISPs are idle as is evident from the output of ifstat.



      Kindly go through the script and advise suitably.
      Your help is much appreciated.



      # /etc/network/interfaces
      auto lo
      iface lo inet loopback

      auto enp4s5f0
      iface enp4s5f0 inet static
      address 192.168.7.2
      netmask 255.255.255.0
      gateway 192.168.7.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s5f1
      iface enp4s5f1 inet static
      address 192.168.8.2
      netmask 255.255.255.0
      gateway 192.168.8.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s6f0
      iface enp4s6f0 inet static
      address 192.168.9.2
      netmask 255.255.255.0
      gateway 192.168.9.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s6f1
      iface enp4s6f1 inet static
      address 192.168.10.2
      netmask 255.255.255.0
      gateway 192.168.10.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto ens2
      iface ens2 inet static
      address 192.168.2.190
      netmask 255.255.255.0
      #gateway 192.168.2.1
      dns-nameservers 8.8.8.8 8.8.4.4


      #

      ipt.sh 



      #!/bin/bash
      set -x
      IPT="/sbin/iptables"
      NIC1="enp4s5f0"
      NIC2="enp4s5f1"
      NIC3="enp4s6f0"
      NIC4="enp4s6f1"
      LAN="ens2" 
      ISP1="192.168.7.33"
      ISP2="192.168.8.33"
      ISP3="192.168.9.33"
      ISP4="192.168.10.33"
      IIP="192.168.2.190"
      echo 1 >| /proc/sys/net/ipv4/ip_forward
      echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

      #***************
      # reset iptables
      #_______________
      ## reset the default policies in the filter table.
      $IPT -P INPUT ACCEPT
      $IPT -P FORWARD ACCEPT
      $IPT -P OUTPUT ACCEPT

      ## reset the default policies in the nat table.
      $IPT -t nat -P PREROUTING ACCEPT
      $IPT -t nat -P POSTROUTING ACCEPT
      $IPT -t nat -P OUTPUT ACCEPT

      ## reset the default policies in the mangle table.
      $IPT -t mangle -P PREROUTING ACCEPT
      $IPT -t mangle -P OUTPUT ACCEPT

      ## flush all the rules in the filter and nat tables.
      $IPT -F
      $IPT -t nat -F
      $IPT -t mangle -F

      ## erase all chains that's not default in filter and nat table.
      $IPT -X
      $IPT -t nat -X
      $IPT -t mangle -X

      #****************
      # rules 
      #________________
      $IPT -A INPUT -m state --state INVALID -j DROP 
      $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
      $IPT -A INPUT -p icmp -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 

      $IPT -A FORWARD -m state --state INVALID -j DROP 
      $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
      $IPT -A FORWARD -p icmp -j ACCEPT 
      #****************



      ip route add default scope global 
       nexthop via $ISP1 dev $NIC1 weight 1 
       nexthop via $ISP2 dev $NIC2 weight 1 
       nexthop via $ISP3 dev $NIC3 weight 1 
       nexthop via $ISP4 dev $NIC4 weight 1 

      #iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
      #iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 10
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 20
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 30
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 40
      #iptables -t mangle -A PREROUTING -j CONNMARK --save-mark


      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC1 -j SNAT --to-source $ISP1
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC2 -j SNAT --to-source $ISP2
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC3 -j SNAT --to-source $ISP3
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

      #$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

      iptables -P FORWARD DROP
      #********************************
      # allow certain hosts full access
      #________________________________

      allowHost() 
      iptables -A FORWARD -i $LAN -s $1 -j ACCEPT 


      ip route flush cache


      #

      ifstat -bt 
       ens2 enp4s5f0 enp4s5f1 enp4s6f0 enp4s6f1 
       Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
       1.88 0.00 0.94 0.47 0.00 0.00 0.00 0.00 0.00 0.00
       2.04 0.00 0.70 0.70 0.00 0.00 0.00 0.00 0.00 0.00
       8.09 6.98 1.17 0.70 0.47 0.00 1.40 0.47 0.47 0.00
       1.31 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.52 0.52 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.51 0.51 0.00 0.00 0.00 0.00 0.00 0.00
       2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       7.87 4.68 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
       1.78 0.33 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       4.66 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
      30271.07 915.72 0.00 0.00 0.94 0.47 0.00 0.00 0.00 0.00
       5576.91 566.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       170.83 208.16 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
      37166.45 1144.21 56.66 30.21 0.00 0.00 0.00 0.00 0.00 0.00
      87935.34 2220.31 36.37 1.54 0.00 0.00 0.00 0.00 0.00 0.00
      11944.23 263.43 0.94 0.98 0.00 0.00 0.00 0.00 0.00 0.00
      25600.64 564.53 0.51 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.13 0.00 0.47 0.00 0.00 0.00 1.40 0.47 0.47 0.00
      26966.93 609.43 0.47 0.47 0.47 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.13 0.00 0.47 0.00 0.00 0.00 0.47 0.00 0.47 0.00
       4.03 5.73 2.72 2.72 0.47 0.00 0.00 0.00 0.00 0.00
       4.60 0.84 6.53 6.53 0.00 0.00 0.00 0.00 0.00 0.00


      #



      Network



      Network: Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
       IF: ens2 state: up speed: 100 Mbps duplex: full mac: 00:1c:c0:85:7c:43
       Card-2: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s5f0 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:25:11:4e
       Card-3: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s5f1 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:25:11:4f
       Card-4: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s6f0 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:23:02:1a
       Card-5: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s6f1 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:23:02:1b





      16.04 networking iptables port-forwarding







      share|improve this question

















      4 ISPs are connected to the gateway, I tried using iptables for load balancing, but only one ISP is utilized for connecting to internet while the rest of the ISPs are idle as is evident from the output of ifstat.



      Kindly go through the script and advise suitably.
      Your help is much appreciated.



      # /etc/network/interfaces
      auto lo
      iface lo inet loopback

      auto enp4s5f0
      iface enp4s5f0 inet static
      address 192.168.7.2
      netmask 255.255.255.0
      gateway 192.168.7.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s5f1
      iface enp4s5f1 inet static
      address 192.168.8.2
      netmask 255.255.255.0
      gateway 192.168.8.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s6f0
      iface enp4s6f0 inet static
      address 192.168.9.2
      netmask 255.255.255.0
      gateway 192.168.9.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto enp4s6f1
      iface enp4s6f1 inet static
      address 192.168.10.2
      netmask 255.255.255.0
      gateway 192.168.10.1
      dns-nameservers 8.8.8.8 8.8.4.4

      auto ens2
      iface ens2 inet static
      address 192.168.2.190
      netmask 255.255.255.0
      #gateway 192.168.2.1
      dns-nameservers 8.8.8.8 8.8.4.4


      #

      ipt.sh 



      #!/bin/bash
      set -x
      IPT="/sbin/iptables"
      NIC1="enp4s5f0"
      NIC2="enp4s5f1"
      NIC3="enp4s6f0"
      NIC4="enp4s6f1"
      LAN="ens2" 
      ISP1="192.168.7.33"
      ISP2="192.168.8.33"
      ISP3="192.168.9.33"
      ISP4="192.168.10.33"
      IIP="192.168.2.190"
      echo 1 >| /proc/sys/net/ipv4/ip_forward
      echo 0 >| /proc/sys/net/ipv4/conf/all/rp_filter

      #***************
      # reset iptables
      #_______________
      ## reset the default policies in the filter table.
      $IPT -P INPUT ACCEPT
      $IPT -P FORWARD ACCEPT
      $IPT -P OUTPUT ACCEPT

      ## reset the default policies in the nat table.
      $IPT -t nat -P PREROUTING ACCEPT
      $IPT -t nat -P POSTROUTING ACCEPT
      $IPT -t nat -P OUTPUT ACCEPT

      ## reset the default policies in the mangle table.
      $IPT -t mangle -P PREROUTING ACCEPT
      $IPT -t mangle -P OUTPUT ACCEPT

      ## flush all the rules in the filter and nat tables.
      $IPT -F
      $IPT -t nat -F
      $IPT -t mangle -F

      ## erase all chains that's not default in filter and nat table.
      $IPT -X
      $IPT -t nat -X
      $IPT -t mangle -X

      #****************
      # rules 
      #________________
      $IPT -A INPUT -m state --state INVALID -j DROP 
      $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
      $IPT -A INPUT -p icmp -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT 
      $IPT -A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT 

      $IPT -A FORWARD -m state --state INVALID -j DROP 
      $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
      $IPT -A FORWARD -p icmp -j ACCEPT 
      #****************



      ip route add default scope global 
       nexthop via $ISP1 dev $NIC1 weight 1 
       nexthop via $ISP2 dev $NIC2 weight 1 
       nexthop via $ISP3 dev $NIC3 weight 1 
       nexthop via $ISP4 dev $NIC4 weight 1 

      #iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark
      #iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 10
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 20
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 30
      #iptables -t mangle -A PREROUTING -m statistic --mode random --probability 0.25 -j MARK --set-mark 40
      #iptables -t mangle -A PREROUTING -j CONNMARK --save-mark


      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC1 -j SNAT --to-source $ISP1
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC2 -j SNAT --to-source $ISP2
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC3 -j SNAT --to-source $ISP3
      $IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

      #$IPT -A POSTROUTING -t nat -s 192.168.2.0/255.255.255.0 -o $NIC4 -j SNAT --to-source $ISP4

      iptables -P FORWARD DROP
      #********************************
      # allow certain hosts full access
      #________________________________

      allowHost() 
      iptables -A FORWARD -i $LAN -s $1 -j ACCEPT 


      ip route flush cache


      #

      ifstat -bt 
       ens2 enp4s5f0 enp4s5f1 enp4s6f0 enp4s6f1 
       Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out Kbps in Kbps out
       1.88 0.00 0.94 0.47 0.00 0.00 0.00 0.00 0.00 0.00
       2.04 0.00 0.70 0.70 0.00 0.00 0.00 0.00 0.00 0.00
       8.09 6.98 1.17 0.70 0.47 0.00 1.40 0.47 0.47 0.00
       1.31 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.52 0.52 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.51 0.51 0.00 0.00 0.00 0.00 0.00 0.00
       2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       7.87 4.68 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
       1.78 0.33 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       4.66 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
      30271.07 915.72 0.00 0.00 0.94 0.47 0.00 0.00 0.00 0.00
       5576.91 566.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       170.83 208.16 0.47 0.00 0.47 0.00 0.47 0.00 0.47 0.00
      37166.45 1144.21 56.66 30.21 0.00 0.00 0.00 0.00 0.00 0.00
      87935.34 2220.31 36.37 1.54 0.00 0.00 0.00 0.00 0.00 0.00
      11944.23 263.43 0.94 0.98 0.00 0.00 0.00 0.00 0.00 0.00
      25600.64 564.53 0.51 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.13 0.00 0.47 0.00 0.00 0.00 1.40 0.47 0.47 0.00
      26966.93 609.43 0.47 0.47 0.47 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.14 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       2.68 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
       3.13 0.00 0.47 0.00 0.00 0.00 0.47 0.00 0.47 0.00
       4.03 5.73 2.72 2.72 0.47 0.00 0.00 0.00 0.00 0.00
       4.60 0.84 6.53 6.53 0.00 0.00 0.00 0.00 0.00 0.00


      #



      Network



      Network: Card-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller driver: r8169
       IF: ens2 state: up speed: 100 Mbps duplex: full mac: 00:1c:c0:85:7c:43
       Card-2: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s5f0 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:25:11:4e
       Card-3: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s5f1 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:25:11:4f
       Card-4: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s6f0 state: up speed: 100 Mbps duplex: full mac: 00:11:0e:23:02:1a
       Card-5: Intel 82546EB Gigabit Ethernet Controller (Copper) driver: e1000
       IF: enp4s6f1 state: up speed: 1000 Mbps duplex: full mac: 00:11:0e:23:02:1b





      16.04 networking iptables port-forwarding




      16.04 networking iptables port-forwarding






      share|improve this question
















      share|improve this question













      share|improve this question




      share|improve this question








      edited Jun 15 at 4:52







      Purushothaman

















      asked Jun 14 at 9:22









      PurushothamanPurushothaman

      862 silver badges13 bronze badges




      862 silver badges13 bronze badges























          0






          active

          oldest

          votes













          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );














          draft saved

          draft discarded
















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151009%2fiptables-portforward-not-working-properly%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown


























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1151009%2fiptables-portforward-not-working-properly%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown









          -

          Popular posts from this blog

          Tamil (spriik) Luke uk diar | Nawigatjuun

          Image
          Fering ArtiikelDrawiidisk Spriiken SölringÖömrangFeringHalunderHalifreeskMooringWiringhiirderKarhiirderGooshiirderDrawiidisk SpriikTamil NaduIndienSri Lanka (function()var node=document.getElementById("mw-dismissablenotice-anonplace");if(node)node.outerHTML="u003Cdiv class="mw-dismissable-notice"u003Eu003Cdiv class="mw-dismissable-notice-close"u003E[u003Ca tabindex="0" role="button"u003EFersteegu003C/au003E]u003C/divu003Eu003Cdiv class="mw-dismissable-notice-body"u003Eu003Cdiv id="localNotice" lang="frr" dir="ltr"u003Eu003Cdiv id="sitenotice"u003Enu003Ccenteru003Enu003Ctable class="rahmenfarbe4" style="border-style: solid; border-width: thin; width: 70%;"u003Ennu003Ctbodyu003Eu003Ctru003Enu003Ctd style="text-align:center;"u003Eu003Ca href="/wiki/Datei:Nordfriesischeflagge.svg" class="image"u003Eu003Cimg alt="Nordfriesische
          Read more

          Align equal signs while including text over equalitiesAMS align: left aligned text/math plus multicolumn alignmentMultiple alignmentsAligning equations in multiple placesNumbering and aligning an equation with multiple columnsHow to align one equation with another multline equationUsing \ in environments inside the begintabularxNumber equations and preserving alignment of equal signsHow can I align equations to the left and to the right?Double equation alignment problem within align enviromentAligned within align: Why are they right-aligned?

          Image
          Why didn't the Universal Translator speak whale? What is /dev/null and why can't I use hx on it? The work of mathematicians outside their professional environment Does the DOJ's declining to investigate the Trump-Zelensky call ruin the basis for impeachment? Are there any tricks to pushing a grand piano? Maintaining distance Does it require less energy to reach the Sun from Pluto's orbit than from Earth's orbit? Object Oriented Design: Where to place behavior that pertains to more than one type of object? Choice of solvent during thin layer chromatography How to catch creatures that can predict the next few minutes? Use floats or doubles when writing mobile games How come the Russian cognate for the Czech word "čerstvý" (fresh) means entirely the opposite thing (stale)? What are the limits on an impeached and not convicted president? How to calculate Limit of this sequence Bash-script as linux-service won't run, but executed
          Read more

          Training a classifier when some of the features are unknownWhy does Gradient Boosting regression predict negative values when there are no negative y-values in my training set?How to improve an existing (trained) classifier?What is effect when I set up some self defined predisctor variables?Why Matlab neural network classification returns decimal values on prediction dataset?Fitting and transforming text data in training, testing, and validation setsHow to quantify the performance of the classifier (multi-class SVM) using the test data?How do I control for some patients providing multiple samples in my training data?Training and Test setTraining a convolutional neural network for image denoising in MatlabShouldn't an autoencoder with #(neurons in hidden layer) = #(neurons in input layer) be “perfect”?

          Image
          Extremely casual way to make requests to very close friends Why are Gatwick's runways too close together? AsyncDictionary - Can you break thread safety? Different inverter (logic gate) symbols Y2K... in 2019? Withdrew when Jimmy met up with Heath Christian apologetics regarding the killing of innocent children during the Genesis flood How does 'AND' distribute over 'OR' (Set Theory)? Ex-contractor published company source code and secrets online how to differentiate when a child lwc component is called twice in parent component? Infeasibility in mathematical optimization models How is this kind of structure made? Plausibility of Ice Eaters in the Arctic Tikzpicture - finish drawing a curved line for a cake slice Why is transplanting a specific intact brain impossible if it is generally possible? How to create all combinations from a nested list while preserving the structure using R? What should I call bands of armed men in Medieval T
          Read more