Hi,

re: load balancing: it must be done by the ISP for bonding DSL lines
properly.
What they support is what you will have to implement; typically they
will give you a managed router that you connect to, and this will take
care of the bonding for you.

That said, you can do something similar with iptables, packet marking
and routing tables (see LARTC).
In the following iptables rules I have 2x DSL routers on eth1 and 2x DSL
routers on eth3, which is why I use MASQUERADE -- the kernel knows how
to SNAT based on routing info.
Then I say "for every NEW connection choose a DSL line",
and then of course if a packet mark has been set then restore it, so
that subsequent connections go out the same direction.

This does mean, of course, that you have 4x outgoing IP addresses for the
4x Internet connections.
I appreciate this is not the same thing as a bonded line, which would give
you 1x outgoing IP address, but it is useful to have this kind of thing
where bonded lines are not supported.

Just be careful: some sites, such as Internet banks, authenticate you
against your IP, and if a subsequent connection comes from a differing
IP they immediately log you out.

This setup also means that you can hook into the networking up/down
scripts and do things like
# ip rule del from all fwmark 0xa lookup connA
when interfaces go down.

The line that reads
-A OUTPUT ! -o eth0 -j redirection
means that if you have squid running it will also use all 4 connections
(not possible in squid.conf).

Hope this helps!


IPRULE:
32758:    from 192.168.4.0/24 lookup connD
32759:    from 192.168.3.0/24 lookup connC
32760:    from 192.168.2.0/24 lookup connB
32761:    from 192.168.1.0/24 lookup connA
32762:    from all fwmark 0xd lookup connD
32763:    from all fwmark 0xc lookup connC
32764:    from all fwmark 0xb lookup connB
32765:    from all fwmark 0xa lookup connA
32766:    from all lookup main
32767:    from all lookup default


IPTABLES:
*nat
:PREROUTING ACCEPT
:INPUT ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth3 -j MASQUERADE
COMMIT
*mangle
:PREROUTING ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
:RESTORE -
:WAN1 -
:WAN2 -
:WAN3 -
:WAN4 -
:redirection -
-A PREROUTING -j redirection
-A OUTPUT ! -o eth0 -j redirection
-A RESTORE -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A RESTORE -j ACCEPT
-A WAN1 -j MARK --set-xmark 0xa/0xffffffff
-A WAN1 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN2 -j MARK --set-xmark 0xb/0xffffffff
-A WAN2 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN3 -j MARK --set-xmark 0xc/0xffffffff
-A WAN3 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A WAN4 -j MARK --set-xmark 0xd/0xffffffff
-A WAN4 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A redirection -p tcp -m state --state RELATED,ESTABLISHED -j RESTORE
# Round-robin NEW connections. Each "statistic --mode nth" rule keeps its own
# counter and only sees the packets the rules above it did not take, so the
# ladder has to be every 4, every 3, every 2, then a catch-all; four rules all
# using "--every 4 --packet N" would leave a share of connections unmarked.
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 4 --packet 0 -j WAN1
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 3 --packet 0 -j WAN2
-A redirection -p tcp -m state --state NEW -m statistic --mode nth --every 2 --packet 0 -j WAN3
-A redirection -p tcp -m state --state NEW -j WAN4
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
:fail2ban-SSH -
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
COMMIT
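As an added example (my own script, not the original poster's code), the following shell script builds the same scheme for N links: one routing table and the two policy rules per link, the per-link mark chains, the round-robin ladder with descending --every values, and the up/down hooks. It also includes a small model of xt_statistic's per-rule counters, to show how the ladder order decides whether every link gets an equal share or some connections fall through unmarked to the main table. Interface names, gateway addresses, the LAN subnets and the WAN_connA.. chain names are assumptions; the tables connA..connD are assumed to exist in /etc/iproute2/rt_tables, and with DRY_RUN=1 (the default) commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the original post: per-link routing tables, mark
# chains and the round-robin ladder for N DSL links, using the post's
# fwmark/table naming (0xa..0xd -> connA..connD). Interface names, gateway
# addresses and LAN subnets are assumptions for illustration; the tables
# connA..connD must also be listed in /etc/iproute2/rt_tables.
set -eu

# One link per line: "<table> <fwmark> <out_if> <gateway> <lan_subnet>" (assumed values)
LINKS='connA 0xa eth1 192.168.11.1 192.168.1.0/24
connB 0xb eth1 192.168.12.1 192.168.2.0/24
connC 0xc eth3 192.168.13.1 192.168.3.0/24
connD 0xd eth3 192.168.14.1 192.168.4.0/24'

# DRY_RUN=1 (the default here) prints each command instead of executing it,
# so the script can be reviewed on a box without root or these interfaces.
DRY_RUN=${DRY_RUN:-1}
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Per-link route table plus the two policy rules from the post's "ip rule"
# dump: by fwmark for balanced traffic, by source subnet for a LAN pinned to one link.
link_up() {  # link_up <table> <fwmark> <iface> <gw> <lan>
  run ip route replace default via "$4" dev "$3" table "$1"
  run ip rule add fwmark "$2" lookup "$1"
  run ip rule add from "$5" lookup "$1"
}
# What the if-down hook should run so a dead link stops attracting marked flows.
link_down() {  # link_down <table> <fwmark> <iface> <gw> <lan>
  run ip rule del fwmark "$2" lookup "$1"
  run ip rule del from "$5" lookup "$1"
  run ip route flush table "$1"
}

# Mark chain for one link: set the packet mark, then copy it into the
# conntrack entry so a RESTORE chain can put it back on later packets of the flow.
mark_chain() {  # mark_chain <chain> <fwmark>
  run iptables -t mangle -N "$1"
  run iptables -t mangle -A "$1" -j MARK --set-xmark "$2/0xffffffff"
  run iptables -t mangle -A "$1" -j CONNMARK --save-mark
}

# Round-robin NEW connections over the targets. Every "-m statistic --mode nth"
# rule keeps its own counter and only sees packets the rules above it did not
# take, so the ladder must be --every N, --every N-1, ..., --every 2 and then
# an unconditional catch-all; "--every N --packet k" on each rule would leave
# a share of connections unmarked (see simulate below).
nth_ladder() {  # nth_ladder <chain> <target>...
  chain=$1; shift
  n=$#; i=0
  for target in "$@"; do
    i=$((i + 1)); every=$((n - i + 1))
    if [ "$every" -gt 1 ]; then
      run iptables -t mangle -A "$chain" -m conntrack --ctstate NEW \
        -m statistic --mode nth --every "$every" --packet 0 -j "$target"
    else
      run iptables -t mangle -A "$chain" -m conntrack --ctstate NEW -j "$target"
    fi
  done
}

# Model xt_statistic nth counters for <count> new connections through an
# N-rule ladder: "fixed" is the descending ladder above, "naive" is
# "--every N --packet k" on every rule. Prints "rule<i> <hits>" per rule and
# "unmarked <hits>" for connections no rule matched (they fall to table main).
simulate() {  # simulate <naive|fixed> <N> <count>
  mode=$1; n=$2; count=$3; unmarked=0
  i=1; while [ "$i" -le "$n" ]; do eval "ctr$i=0 hit$i=0"; i=$((i + 1)); done
  p=0
  while [ "$p" -lt "$count" ]; do
    matched=0; i=1
    while [ "$i" -le "$n" ] && [ "$matched" -eq 0 ]; do
      if [ "$mode" = naive ]; then every=$n; want=$((i - 1)); else every=$((n - i + 1)); want=0; fi
      eval "c=\$ctr$i"                      # this rule's private counter
      if [ $((c % every)) -eq "$want" ]; then eval "hit$i=\$((hit$i + 1))"; matched=1; fi
      eval "ctr$i=$((c + 1))"               # advances only when this rule sees the packet
      i=$((i + 1))
    done
    [ "$matched" -eq 1 ] || unmarked=$((unmarked + 1))
    p=$((p + 1))
  done
  i=1; while [ "$i" -le "$n" ]; do eval "printf 'rule%s %s\n' $i \$hit$i"; i=$((i + 1)); done
  printf 'unmarked %s\n' "$unmarked"
}

# Dry-run of the whole setup for the four assumed links.
printf '%s\n' "$LINKS" | while read -r table mark iface gw lan; do
  link_up "$table" "$mark" "$iface" "$gw" "$lan"
  mark_chain "WAN_$table" "$mark"
done
nth_ladder redirection WAN_connA WAN_connB WAN_connC WAN_connD
simulate fixed 4 16
simulate naive 4 256
```

Run it with DRY_RUN=0 as root to apply the commands; the RESTORE step from the post (CONNMARK --restore-mark for RELATED,ESTABLISHED) still has to sit in front of the ladder in the same chain, and link_down is what belongs in the if-down hook for each DSL link. With the fixed ladder, 16 new connections land 4 on each link and none unmarked; with the naive ladder, 81 of 256 connections get no mark and take the main table's default route.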