Split access and DNAT
I'm currently trying to set up split routing of two or more tethered
Bluetooth interfaces under Linux. I use pand to connect to the phones
(iPhone).
I have followed
http://lartc.org/howto/lartc.rpdb.multiple-links.html
to configure split routing with load balancing (round robin).
My setup:

ip link
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
    link/ether ac:f1:df:0c:5a:27 brd ff:ff:ff:ff:ff:ff
6: bnep0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether 00:02:72:3e:a0:32 brd ff:ff:ff:ff:ff:ff
7: bnep1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
    link/ether 00:02:72:3e:a0:32 brd ff:ff:ff:ff:ff:ff

ip addr
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ac:f1:df:0c:5a:27 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global wlan0
       valid_lft forever preferred_lft forever
6: bnep0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:02:72:3e:a0:32 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.5/28 brd 172.20.10.15 scope global bnep0
       valid_lft forever preferred_lft forever
7: bnep1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:02:72:3e:a0:32 brd ff:ff:ff:ff:ff:ff
    inet 172.20.10.2/28 brd 172.20.10.15 scope global bnep1
       valid_lft forever preferred_lft forever

ip route
default via 172.20.10.1 dev bnep0 metric 208
default via 172.20.10.1 dev bnep1 metric 209
172.20.10.0/28 dev bnep0 proto kernel scope link src 172.20.10.2 metric 208
172.20.10.0/28 dev bnep1 proto kernel scope link src 172.20.10.5 metric 209
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.1
Split routing
ip route add 172.20.10.0/28 dev bnep0 src 172.20.10.2 table 1
ip route add default via 172.20.10.1 dev bnep0 table 1
ip route add 172.20.10.0/28 dev bnep1 src 172.20.10.5 table 3
ip route add default via 172.20.10.1 dev bnep1 table 3
ip route add 172.20.10.0/28 dev bnep0 src 172.20.10.2
ip route add 172.20.10.0/28 dev bnep1 src 172.20.10.5   # RTNETLINK answers: File exists
ip rule add from 172.20.10.2 table 1
ip rule add from 172.20.10.5 table 3
ip route add 172.20.10.0/28 dev bnep1 table 1   # RTNETLINK answers: File exists
ip route add 127.0.0.0/8 dev lo table 1
ip route add 192.168.1.0/24 dev wlan0 table 1
ip route add 172.20.10.0/28 dev bnep0 table 3   # RTNETLINK answers: File exists
ip route add 127.0.0.0/8 dev lo table 3
ip route add 192.168.1.0/24 dev wlan0 table 3
ip route add default scope global nexthop via 172.20.10.1 dev bnep0 weight 1 nexthop via 172.20.10.1 dev bnep1 weight 1
ip route (after):
default
    nexthop via 172.20.10.1 dev bnep0 weight 1
    nexthop via 172.20.10.1 dev bnep1 weight 1
172.20.10.0/28 dev bnep0 scope link src 172.20.10.2
172.20.10.0/28 dev bnep0 proto kernel scope link src 172.20.10.2 metric 208
172.20.10.0/28 dev bnep1 proto kernel scope link src 172.20.10.5 metric 209
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.1
ip route list table 1:
default via 172.20.10.1 dev bnep0
127.0.0.0/8 dev lo scope link
172.20.10.0/28 dev bnep0 scope link src 172.20.10.2
192.168.1.0/24 dev wlan0 scope link
ip route list table 3:
default via 172.20.10.1 dev bnep1
127.0.0.0/8 dev lo scope link
172.20.10.0/28 dev bnep1 scope link src 172.20.10.5
192.168.1.0/24 dev wlan0 scope link
Routing:
iptables -A FORWARD -i bnep0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o bnep0 -j MASQUERADE
iptables -A FORWARD -i bnep0 -j REJECT
iptables -A FORWARD -i bnep1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o bnep1 -j MASQUERADE
iptables -A FORWARD -i bnep1 -j REJECT
To allow for shared subnets:
net.ipv4.conf.all.arp_filter=0
net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.*.rp_filter=0
The only modification to the instructions is that I added 'dev' when
adding default routes for the tables because the interfaces have the same
subnets.
I can ping on both interfaces on the router, but forwarded traffic from
wlan clients gets 50 % packet loss.
I found this post, but I can't find out how to apply it in my case:
Linux split access and DNAT
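
An added example, not part of the original post: a small Python check that cross-references `ip addr` output with the source-based rules and per-table routes, and reports any address that is steered out a device which does not hold it. The sample input is constructed from the lines pasted above; the function names are illustrative.

```python
import re

# Constructed sample, trimmed from the `ip addr`, `ip rule add` and
# `ip route list table N` lines pasted in the post above.
IP_ADDR = """\
6: bnep0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 172.20.10.5/28 brd 172.20.10.15 scope global bnep0
7: bnep1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 172.20.10.2/28 brd 172.20.10.15 scope global bnep1
"""
RULES = {"172.20.10.2": "1", "172.20.10.5": "3"}  # ip rule add from <addr> table <id>
TABLES = {
    "1": "default via 172.20.10.1 dev bnep0\n"
         "172.20.10.0/28 dev bnep0 scope link src 172.20.10.2",
    "3": "default via 172.20.10.1 dev bnep1\n"
         "172.20.10.0/28 dev bnep1 scope link src 172.20.10.5",
}

def addresses_by_dev(ip_addr_text):
    """Map each IPv4 address in `ip addr` output to the interface holding it."""
    owner, dev = {}, None
    for line in ip_addr_text.splitlines():
        head = re.match(r"\d+:\s+(\S+?):", line)
        if head:
            dev = head.group(1)
            continue
        inet = re.match(r"\s*inet\s+(\d+\.\d+\.\d+\.\d+)/", line)
        if inet and dev:
            owner[inet.group(1)] = dev
    return owner

def check_policy_routing(ip_addr_text, rules, tables):
    """List rules and src hints that point an address at the wrong device."""
    owner = addresses_by_dev(ip_addr_text)
    findings = []
    for src, table in rules.items():
        for route in tables.get(table, "").splitlines():
            dev = re.search(r"\bdev\s+(\S+)", route)
            hint = re.search(r"\bsrc\s+(\S+)", route)
            if route.startswith("default") and dev and owner.get(src) != dev.group(1):
                findings.append(f"rule from {src} -> table {table} exits "
                                f"{dev.group(1)}, but {src} is on {owner.get(src)}")
            if hint and dev and owner.get(hint.group(1)) != dev.group(1):
                findings.append(f"table {table}: src {hint.group(1)} on "
                                f"{dev.group(1)}, but it is on {owner.get(hint.group(1))}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_policy_routing(IP_ADDR, RULES, TABLES)))
```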