From: Joel Newkirk <netfilter@newkirk.us>
To: Paul Aumer-Ryan <raptorion@yahoo.com>, netfilter@lists.netfilter.org
Subject: Re: Creating a Hybrid Connection to Balance Traffic
Date: Sun, 27 Oct 2002 00:27:32 -0400
Message-ID: <200210270027.32793.netfilter@newkirk.us>
In-Reply-To: <20021026190433.24795.qmail@web40607.mail.yahoo.com>
On Saturday 26 October 2002 03:04 pm, Paul Aumer-Ryan wrote: (snipped heavily)
> I've got a peculiar situation that I hope you all
~
> discovered the joys of p2p file sharing (i.e., being
~
> to tone down my upload bandwidth usage on the DSL
~
> and a laptop. The linux box currently uses ipchains
Well, that's not iptables, but you can set up with iptables and drop ipchains
use... :^)
> So here comes the question: since I've got to reduce
> my upload usage, I'd like to try to use the linux box
> to do a special form of SNAT routing. I would like
> all outgoing data to leave through the attached ppp0
> interface (the modem which I can hook up to a dialup
> ISP) and all incoming data to come back in through the
> eth0 interface (the broadband connection to my local
> ISP). Basically, I need to do a form of SNAT routing
With IPTables, you would need to determine the IP of the DSL
(probably dynamic, but probably the same throughout a connection) and perform
a basic SNAT using it. MASQ wouldn't work, since it automagically determines
the IP of the connection it's going out on, and you need to make it lie. You
may find the dial-up ISP will not accept packets with an unexpected source
IP, though. I'd recommend testing with tcp port 80 settings first, and see
if your lan can browse the web, and which interface the packets go out/come
in.
Presuming that the P2P is not running on the firewall machine:
in an iptables/ip script you could do something like this:
[disclaimer: I've never constructed an Iproute2 rule before, that part could
very easily be completely wrong... the rest too, but...:^]
# set DSLIP to the IP of the DSL (eth0)
DSLIP=$(/sbin/ifconfig "eth0" | grep inet | cut -d":" -f 2 | cut -d" " -f 1)
# set TOS (Type-Of-Service) for routing to mincost (appropriate :^)
/sbin/iptables -t mangle -A PREROUTING {matches} -j TOS --set-tos 0x02
# tell Iproute2 to route mincost packets out the dialup (I think)
# (needs a destination prefix, and "tos" is a route key, not a "-tos" switch)
/sbin/ip route add default tos 0x02 protocol static dev ppp0
# do SNAT in postrouting of any mincost packets, cross fingers
/sbin/iptables -t nat -A POSTROUTING -p tcp -m tos --tos 0x02 -j SNAT \
--to-source $DSLIP
For the prerouting {matches}, minimal would be "-i eth1" to handle only
packets coming in from your lan. (again assumes the p2p node's there) I'd
suggest, if this all works, to be a bit more selective: try passing only p2p
packets by setting a TOS only for packets with specified TCP source or
destination ports, something like:
/sbin/iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport 4661:4666 -j TOS \
--set-tos 0x02
to route outbound data from EDonkey. The ip route add will fail if ppp0 isn't
up, not sure how to handle this. I presume you're not using a PPPoE DSL?
That would probably give you ppp0 for DSL and ppp1 for dialout. (or reverse,
or whatever, but not a hardware interface like eth0)
Now, with all that said, be sure to check if the p2p software itself offers
bandwidth limiting ability. (many do) That's probably the simplest throttle
available.
j
--
"Redefining the role of the United States from enablers to keep the peace to
enablers to keep the peace from peacekeepers is going to be an assignment."
-George W. Bush
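The setup sketched in the message above, written out as an added example that is not part of the original post or of any netfilter project code. It uses a firewall mark plus a dedicated routing table (ip rule / ip route ... table) instead of the TOS route the post guesses at, and it guards against the two snags the post names: the DSL address pulled out of ifconfig output, and ppp0 not being up when the route is added. Interface names (eth0 for DSL, eth1 for LAN, ppp0 for dialup), the 4661:4666 port range, table number 100, mark 0x2 and the ifconfig sample text are all assumptions; by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original thread. Policy routing so that marked
# LAN traffic leaves via the dialup link but carries the DSL address, so the
# replies come back over DSL. Assumed names: DSL=eth0, LAN=eth1, DIAL=ppp0.
# RUN defaults to "echo" (dry run); set RUN="" as root to really apply it.
RUN=${RUN:-echo}
DSL=eth0; LAN=eth1; DIAL=ppp0
PORTS=4661:4666      # assumed p2p destination port range, as in the post
TABLE=100; MARK=0x2  # assumed routing table number and firewall mark

# Pull the IPv4 address out of old-style ifconfig output read from stdin.
# Anchoring on "inet addr:" is sturdier than the cut -f2 pipeline in the post,
# which breaks if the line order or spacing changes.
inet_addr_from_ifconfig() {
    sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p' | head -n 1
}

# Constructed sample of 2002-era ifconfig output, used for the dry run only.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1'

# Print the command list for: $1=DSL public IP, $2=LAN iface, $3=dial iface,
# $4=tcp port range. Marking in PREROUTING happens before the routing
# decision, so the fwmark rule can steer these flows into the extra table.
gen_rules() {
    dslip=$1; lan=$2; dial=$3; ports=$4
    echo "iptables -t mangle -A PREROUTING -i $lan -p tcp --dport $ports -j MARK --set-mark $MARK"
    echo "ip rule add fwmark $MARK table $TABLE"
    echo "ip route add default dev $dial table $TABLE"
    echo "ip route flush cache"
    # SNAT only on the dialup side, so conntrack un-NATs the replies that
    # arrive for the DSL address on eth0. The dialup ISP may still drop
    # packets whose source is not its own address, as the post warns.
    echo "iptables -t nat -A POSTROUTING -o $dial -m mark --mark $MARK -j SNAT --to-source $dslip"
}

# Return 0 if the interface exists (real run only; a dry run always passes).
iface_present() {
    [ -n "$RUN" ] && return 0
    ip link show "$1" >/dev/null 2>&1
}

main() {
    if [ -n "$RUN" ]; then
        dslip=$(printf '%s\n' "$SAMPLE_IFCONFIG" | inet_addr_from_ifconfig)
    else
        dslip=$(/sbin/ifconfig "$DSL" | inet_addr_from_ifconfig)
    fi
    [ -n "$dslip" ] || { echo "no IPv4 address found on $DSL" >&2; return 1; }
    # The post notes "ip route add" fails when ppp0 is down: check first.
    iface_present "$DIAL" || { echo "$DIAL is not up, not routing" >&2; return 1; }
    gen_rules "$dslip" "$LAN" "$DIAL" "$PORTS" | while IFS= read -r cmd; do
        $RUN $cmd
    done
}

main
```

Run it as-is to see the five commands it would issue; run it with RUN="" as root to apply them, and undo with the matching iptables -D, ip rule del and ip route del. Because marking is limited to -i eth1 and the chosen ports, a mistake affects only the p2p flows and the rest of the LAN keeps its normal DSL path, which is the "try a narrow match first" advice from the post.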